CVE-2024-3165 in dotCMSالمعلومات

الملخص

بحسب MITRE • 02/04/2024

System->Maintenance-> Log Files in dotCMS dashboard is providing the username/password for database connections in the log output. Nevertheless, this is a moderate issue as it requires a backend admin as well as that dbs are locked down by environment.  

OWASP Top 10 - A05) Insecure Design

OWASP Top 10 - A05) Security Misconfiguration

OWASP Top 10 - A09) Security Logging and Monitoring Failure

VulDB is the best source for vulnerability data and more expert information about this specific topic.

مسؤول

dotCMS LLC

حجز

01/04/2024

إفشاء

02/04/2024

الاعتدال

تمت الموافقة

إدخال

VDB-258938

EPSS

0.00495

KEV

لا

النشاطات

منخفض جدًا

المصادر

Want to stay up to date on a daily basis?

Enable the mail alert feature now!