Lucene search

[email protected]CVE-2022-31405

HistoryFeb 27, 2023 - 6:15 a.m.

CVE-2022-31405

2023-02-2706:15:11

CWE-312

[email protected]

web.nvd.nist.gov

mv idigital clinic enterprise

idce

1.0

password security

cleartext password

cve-2022-31405

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.0%

JSON

MV iDigital Clinic Enterprise (iDCE) 1.0 stores passwords in cleartext.

Affected configurations

NVD

Node

mv_idigital_clinic_enterprise_projectmv_idigital_clinic_enterpriseMatch1.0

CPENameOperatorVersion
mv_idigital_clinic_enterprise_project:mv_idigital_clinic_enterprisemv idigital clinic enterprise project mv idigital clinic enterpriseeq1.0

CPE	Name	Operator	Version
mv_idigital_clinic_enterprise_project:mv_idigital_clinic_enterprise	mv idigital clinic enterprise project mv idigital clinic enterprise	eq	1.0

References

github.com/ifmacedo/mconnect/blob/main/IDCE-ClearTextStorage

mv.com.br/pt/blog/microdata-integra-novo-modulo-cockpit-ao-ris-idce

www.linkedin.com/pulse/armazenamento-inseguro-idce-mv-iran-macedo

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.0%

JSON

Related for CVE-2022-31405

cvelist1 nvd1 prion1