CVE-2024-9040 — Cleartext Storage in a File or on Disk in Blood Bank Management System

CWE-313 — Cleartext Storage in a File or on Disk CWE-312 — Cleartext Storage of Sensitive Info CWE-99 — Resource Injection4 documents4 sources

Severity

4.6MEDIUMNVD

EPSS

0.0%

top 97.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Code-projects Blood Bank Management System

Timeline

PublishedSep 20

Description

A vulnerability, which was classified as problematic, was found in code-projects Blood Bank Management System 1.0. This affects an unknown part of the component Password Handler. The manipulation leads to cleartext storage in a file or on disk. An attack has to be approached locally.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5code-projects/blood_bank_management_system1.0

▶NVDcode-projects/blood_bank_management_system1.0

🔴Vulnerability Details

GHSA

GHSA-pcj5-c4v2-hq4g: A vulnerability, which was classified as problematic, was found in code-projects Blood Bank Management System 1↗2024-09-20

▶

CVEList

code-projects Blood Bank Management System Password cleartext storage in a file or on disk↗2024-09-20

▶

📋Vendor Advisories

Red Hat

kernel: powerpc/pseries: Whitelist dtl slub object for copying to userspace↗2024-07-29

▶