CVE-2019-6242

Kentico v10.0.42 allows Global Administrators to read the cleartext SMTP Password by navigating to the SMTP configuration page. NOTE: the vendor considers this a best-practice violation but not a vulnerability. The vendor plans to fix it at a future time
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
VendorProductVersion
kenticokentico
10.0.42
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://gist.github.com/boatpavaris/cff51e52a96fdde8215f71a3315703c2
https://gist.github.com/boatpavaris/cff51e52a96fdde8215f71a3315703c2