- Description
- In Secure Access 12.70 and prior to 14.20, the logging subsystem may write an unredacted authentication token to logs under certain configurations. Any party with access to those logs could read the token and reuse it to access an integrated system.
- Source
- SecurityResponse@netmotionsoftware.com
- NVD status
- Analyzed
- Products
- secure_access
CVSS 4.0
- Type
- Secondary
- Base score
- 4.6
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- MEDIUM
CVSS 3.1
- Type
- Primary
- Base score
- 3.4
- Impact score
- 2.5
- Exploitability score
- 0.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
- Severity
- LOW
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-532
- Hype score
- Not currently trending
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB3C9C13-5E04-471A-8CAA-C09B049F420F",
"versionEndExcluding": "14.20",
"versionStartIncluding": "12.70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]