Lucene search

HCLVULNRICHMENT:CVE-2024-23579

HistoryMay 28, 2024 - 9:25 p.m.

CVE-2024-23579 HCL DRYiCE Optibot Reset Station is impacted by insecure encryption of security questions

2024-05-2821:25:18

HCL

github.com

cve-2024-23579

hcl dryice optibot

reset station

insecure encryption

security questions

attacker

database

encrypted values

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

HCL DRYiCE Optibot Reset Station is impacted by insecure encryption of security questions. This could allow an attacker with access to the database to recover some or all encrypted values.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "DRYiCE Optibot Reset Station",
    "vendor": "HCL Software",
    "versions": [
      {
        "status": "affected",
        "version": "1.0, 2.0"
      }
    ]
  }
]

References

support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0113496

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for VULNRICHMENT:CVE-2024-23579