The web application stores credentials in clear text in the "admin.xml" file, which can be accessed without logging into the website, which could allow an attacker to obtain credentials related to all users, including admin users, in clear text, and use them to subsequently execute malicious actions.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: INCIBE
Published: 2023-09-20T07:54:53.890Z
Updated: 2024-08-03T14:55:08.312Z
Reserved: 2022-12-19T16:35:50.462Z
Link: CVE-2022-47561
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-09-20T08:15:15.380
Modified: 2024-08-03T15:15:49.620
Link: CVE-2022-47561
Redhat
No data.