Lucene search

HCLCVELIST:CVE-2024-23579

HistoryMay 28, 2024 - 9:25 p.m.

CVE-2024-23579 HCL DRYiCE Optibot Reset Station is impacted by insecure encryption of security questions

2024-05-2821:25:18

HCL

www.cve.org

hcl

dryice optibot

reset station

insecure encryption

security questions

database access

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

HCL DRYiCE Optibot Reset Station is impacted by insecure encryption of security questions. This could allow an attacker with access to the database to recover some or all encrypted values.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "DRYiCE Optibot Reset Station",
    "vendor": "HCL Software",
    "versions": [
      {
        "status": "affected",
        "version": "1.0, 2.0"
      }
    ]
  }
]

References

support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0113496

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVELIST:CVE-2024-23579