In CMDBuild from version 3.0 to 3.3.2 payload requests are saved in a temporary log table, which allows attackers with database access to read the password of the users who login to the application by querying the database table.
References
Link | Resource |
---|---|
https://www.cmdbuild.org/en/reference/news/cmdbuild-3-3-3-intermediate-release-vulnerability-patch | Release Notes Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-03-22T21:12:52
Updated: 2022-03-22T21:12:52
Reserved: 2022-02-21T00:00:00
Link: CVE-2022-25518
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-03-22T22:15:07.903
Modified: 2022-03-28T20:08:30.037
Link: CVE-2022-25518
JSON object: View
Redhat Information
No data.
CWE