Lucene search

[email protected]CVE-2023-38328

HistoryOct 26, 2023 - 10:15 p.m.

CVE-2023-38328

2023-10-2622:15:08

CWE-522

[email protected]

web.nvd.nist.gov

egroupware

vulnerability

password storage

remote attackers

administrator credentials

nvd

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

7.2 High

AI Score

Confidence

Low

3.3 Low

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

MULTIPLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:M/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

30.3%

JSON

An issue was discovered in eGroupWare 17.1.20190111. An Improper Password Storage vulnerability affects the setup panel of under setup/manageheader.php, which allows authenticated remote attackers with administrator credentials to read a cleartext database password.

CPENameOperatorVersion
egroupware:egroupwareegroupwareeq17.1.20190111

CPE	Name	Operator	Version
egroupware:egroupware	egroupware	eq	17.1.20190111

References

www.gruppotim.it/it/footer/red-team.html

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

7.2 High

AI Score

Confidence

Low

3.3 Low

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

MULTIPLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:M/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

30.3%

JSON

Related for CVE-2023-38328

osv1 prion1 cvelist1