CVE-2019-13947 · CVEKit

cve.orgen

373 chars

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The user configuration menu in the web interface of the Control Center Server (CCS) transfers user passwords in clear to the client (browser). An attacker with administrative privileges for the web interface could be able to read (and not only reset) passwords of other CCS users.

NVDen

373 chars

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The user configuration menu in the web interface of the Control Center Server (CCS) transfers user passwords in clear to the client (browser). An attacker with administrative privileges for the web interface could be able to read (and not only reset) passwords of other CCS users.

NVDes

443 chars

Se ha identificado una vulnerabilidad en el Servidor de Control Center (CCS) (Todas las versiones anteriores a V1.5.0). El menú de configuración de usuarios en la interfaz web del Servidor de Control Center (CCS) transfiere las contraseñas de los usuarios en claro al cliente (navegador). Un atacante con privilegios administrativos para la interfaz web podría ser capaz de leer (y no sólo restablecer) las contraseñas de otros usuarios de CCS

CVSS metrics across sources

5

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.0	8.0	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N
3.1	Primary	cve.org	4.9	—	—	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:F/RL:U/RC:C