Lucene search

PRIOn knowledge basePRION:CVE-2023-26462

HistoryFeb 23, 2023 - 6:15 a.m.

Design/Logic Flaw

2023-02-2306:15:00

PRIOn knowledge base

www.prio-n.com

thingsboard 3.4.1

design/logic flaw

remote attacker

elevated privileges

hard-coded service credentials

insecure format

privilege escalation

application server

source code

nvd

8.1 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.4%

JSON

ThingsBoard 3.4.1 could allow a remote attacker to gain elevated privileges because hard-coded service credentials (usable for privilege escalation) are stored in an insecure format. (To read this stored data, the attacker needs access to the application server or its source code.)

CPENameOperatorVersion
thingsboardeq3.4.1

CPE	Name	Operator	Version
	thingsboard	eq	3.4.1

References

exchange.xforce.ibmcloud.com/vulnerabilities/238544

thingsboard.io/docs/reference/releases/