CVE-2023-4384

16.08.2023, 20:15

A vulnerability has been found in MaximaTech Portal Executivo 21.9.1.140 and classified as problematic. This vulnerability affects unknown code of the component Cookie Handler. The manipulation leads to missing encryption of sensitive data. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-237316. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	3.7 LOW	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
VulDB	CNA	3.7 LOW				CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 11%

Vendor	Product	Version
maximatech	portal_executivo	21.9.1.140

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-311 - Missing Encryption of Sensitive Data
The software does not encrypt sensitive or critical information before storage or transmission.

References

https://l6x.notion.site/PoC-7041cf9625554273b17148de85705d06?pvs=4

https://vuldb.com/?ctiid.237316

https://vuldb.com/?id.237316

https://l6x.notion.site/PoC-7041cf9625554273b17148de85705d06?pvs=4

https://vuldb.com/?ctiid.237316

https://vuldb.com/?id.237316