- Description: An Improper Authorization vulnerability was identified in the EOL OVA based connect component which is deployed for installation purposes in the customer internal network. Under certain conditions, this could allow a bad actor to gain unauthorized access to the local db containing weakly hashed credentials of the installer. This EOL component was deprecated in September 2023 with end of support extended till January 2024.
- Source: bd8dbf88-98d9-42c6-be08-cf8e48a32093
- NVD status: Awaiting Analysis
CVSS 4.0
- Type: Secondary
- Base score: 6.1
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: MEDIUM
- bd8dbf88-98d9-42c6-be08-cf8e48a32093
- CWE-327
🚨 CVE-2025-3838 🟠 MEDIUM (6.1) 🏢 Saviynt - OVA based Connect 🏗️ AlmaLinux-8.x_SC2.0-Client-2.0 🔗 https://t.co/fb290tytoB #CyberCron #VulnAlert #InfoSec https://t.co/cTfTzCwllw
@cybercronai
21 Apr 2025
New post from https://t.co/uXvPWJy6tj (CVE-2025-3838 | Saviynt OVA based Connect up to RHEL-8.x_SC2.0-Client-3.0 authorization) has been published on https://t.co/iWZUjQIhC5
@WolfgangSesin
21 Apr 2025
CVE-2025-3838 Improper Authorization Vulnerability in EOL OVA Connect Component Exposing Local Credentials https://t.co/pgluxdJ9Tb
@VulmonFeeds
21 Apr 2025
CVE-2025-3838 An Improper Authorization vulnerability was identified in the EOL OVA based connect component which is deployed for installation purposes in the customer internal netwo… https://t.co/GgrnijMyhB
@CVEnew
21 Apr 2025