Insecure Storage of Sensitive Information

CVE-2022-0724

Medium

6.5/10

Summary

Insecure Storage of Sensitive Information in microweber/microweber prior to 1.2.12.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-922 - Insecure Storage of Sensitive Information

The software stores sensitive information without properly limiting read or write access by unauthorized actors.

References

Advisory Timeline

Published Feb 23, 2022