Cleartext Storage of Sensitive Information
CVE-2021-27233
Summary
An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. On the admin portal of the web application, password information for external systems is visible in cleartext. The Settings.asp page is affected by this issue.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- HIGH
- HIGH
- NONE
CWE-312 - Cleartext Storage of Sensitive Information
The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
References
Advisory Timeline
- Published