CVE-2019-17497Insufficiently Protected Credentials in Editor

CWE-522Insufficiently Protected Credentials3 documents3 sources
Severity
6.5MEDIUMNVD
CNA7.5
EPSS
2.9%
top 13.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Pdf-xchange Editor
Timeline
PublishedOct 11
Latest updateMay 24

Description

Tracker PDF-XChange Editor before 8.0.330.0 has an NTLM SSO hash theft vulnerability using crafted FDF or XFDF files (a related issue to CVE-2018-4993). For example, an NTLM hash is sent for a link to \\192.168.0.2\C$\file.pdf without user interaction.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-2pj4-mr9m-qwww: Tracker PDF-XChange Editor before 82022-05-24
CVEList
CVE-2019-17497: Tracker PDF-XChange Editor before 82019-10-10
CVE-2019-17497 — Insufficiently Protected Credentials | cvebase