CVE-2024-25654

CVE-2024-25654 affects AVSystem Unified Management Platform (UMP) version 23.07.0.16567~LTS. The root cause is insecure permissions on log files, which, for users with local access to the UMP application server, can expose credentials used to authenticate to all services and can enable decryption...

PT-2024-21073 · Avsystem · Avsystem Unified Management Platform

Name of the Vulnerable Software and Affected Versions: AVSystem Unified Management Platform UMP version 23.07.0.16567LTS Description: An open redirect in the Login/Logout functionality of web management could allow attackers to redirect authenticated users to malicious websites. Recommendations:...

CVE-2024-25657

An open redirect in the Login/Logout functionality of web management in AVSystem Unified Management Platform UMP 23.07.0.16567LTS could allow attackers to redirect authenticated users to malicious websites...

CVE-2024-25655

Insecure storage of LDAP passwords in the authentication functionality of AVSystem Unified Management Platform UMP 23.07.0.16567LTS allows members with read access to the application database to decrypt the LDAP passwords of users who successfully authenticate to web management via LDAP...