ECOA BAS controller stores sensitive data (backup exports) in clear-text, thus the unauthenticated attacker can remotely query user password and obtain user’s privilege.
References
Link | Resource |
---|---|
https://www.twcert.org.tw/tw/cp-132-5138-d40ae-1.html | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: twcert
Published: 2021-09-30T00:00:00
Updated: 2021-09-30T10:41:08
Reserved: 2021-09-15T00:00:00
Link: CVE-2021-41302
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-09-30T11:15:08.033
Modified: 2022-08-12T17:48:44.553
Link: CVE-2021-41302
JSON object: View
Redhat Information
No data.