CVE-2024-6118

A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the other users’ credentials and gain access to the product via an XML file.
References
Link Resource
https://zuso.ai/advisory/za-2024-03 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:hamastar:meetinghub_paperless_meetings:2021:*:*:*:*:*:*:*

History

30 Aug 2024, 17:44

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.1
First Time Hamastar meetinghub Paperless Meetings
Hamastar
References () https://zuso.ai/advisory/za-2024-03 - () https://zuso.ai/advisory/za-2024-03 - Third Party Advisory
CWE CWE-522
CPE cpe:2.3:a:hamastar:meetinghub_paperless_meetings:2021:*:*:*:*:*:*:*

05 Aug 2024, 12:41

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad de almacenamiento de texto plano de una contraseña en la función ebooknote en Hamastar MeetingHub Paperless Meetings 2021 permite a atacantes remotos obtener las credenciales de otros usuarios y obtener acceso al producto a través de un archivo XML.

05 Aug 2024, 05:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-05 05:15

Updated : 2024-08-30 17:44


NVD link : CVE-2024-6118

Mitre link : CVE-2024-6118

CVE.ORG link : CVE-2024-6118


JSON object : View

Products Affected

hamastar

  • meetinghub_paperless_meetings
CWE
CWE-522

Insufficiently Protected Credentials

CWE-256

Plaintext Storage of a Password