CVE-2020-11560 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 83%

Affected Products (NVD)

Vendor	Product	Version
nchsoftware	express_invoice	7.25

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-522 - Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References

http://packetstormsecurity.com/files/173117/NCH-Express-Invoice-7.25-Cleartext-Password.html

https://tejaspingulkar.blogspot.com/2020/03/cve-cve-2020-11560-title-clear-text.html

https://www.youtube.com/watch?v=V0BWq33qVCs&feature=youtu.be

http://packetstormsecurity.com/files/173117/NCH-Express-Invoice-7.25-Cleartext-Password.html

https://tejaspingulkar.blogspot.com/2020/03/cve-cve-2020-11560-title-clear-text.html

https://www.youtube.com/watch?v=V0BWq33qVCs&feature=youtu.be