CVE-2024-7267 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CERT-PL	CNA	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 35%

Vendor	Product	Version
nask	ezd_rp	𝑥 < 19.6

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-213 - Exposure of Sensitive Information Due to Incompatible Policies
The product's intended functionality exposes information to certain actors in accordance with the developer's security policy, but this information is regarded as sensitive according to the intended security policies of other stakeholders such as the product's administrator, users, or others whose information is being processed.

References

https://cert.pl/en/posts/2024/08/CVE-2024-7265/

https://cert.pl/posts/2024/08/CVE-2024-7265/

https://www.gov.pl/web/ezd-rp