CVE-2024-6515

CWE-319Cleartext Transmission3 documents3 sources
Severity
8.7HIGH
EPSS
0.1%
top 64.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
22
ABB Aspect-ent-12 FirmwareABB Aspect-ent-256 FirmwareABB Aspect-ent-2 Firmware+19 more
Timeline
PublishedDec 5

Description

Web browser interface may manipulate application username/password in clear text or Base64 encoding providing a higher probability of unintended credentails exposure. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/S:N

Affected Packages22 packages

CVEListV5abb/nexus_series3.08.02
CVEListV5abb/matrix_seriesinitial3.08.02
CVEListV5abb/aspect-enterprise3.08.02
NVDabb/matrix-11_firmware< 3.08.03
NVDabb/nexus-264_firmware< 3.08.03

🔴Vulnerability Details

2
GHSA
GHSA-w8wv-xphh-4948: Web browser interface may manipulate application username/password in clear text or Base64 encoding providing a higher probability of unintended crede2024-12-05
CVEList
unauthorized file access2024-12-05
CVE-2024-6515 (HIGH CVSS 8.7) | Web browser interface may manipulat | cvebase.io