2024-04-10 19:07:42 +00:00
{
2024-05-02 15:00:37 +00:00
"data_version" : "4.0" ,
2024-04-10 19:07:42 +00:00
"data_type" : "CVE" ,
"data_format" : "MITRE" ,
"CVE_data_meta" : {
"ID" : "CVE-2024-3543" ,
2024-05-02 15:00:37 +00:00
"ASSIGNER" : "security@progress.com" ,
"STATE" : "PUBLIC"
2024-04-10 19:07:42 +00:00
} ,
"description" : {
"description_data" : [
{
"lang" : "eng" ,
2024-05-02 15:00:37 +00:00
"value" : "\nUse of reversible password encryption algorithm allows attackers to decrypt passwords.\u00a0 Sensitive information can be easily unencrypted by the attacker, stolen credentials can be used for arbitrary actions to corrupt the system.\n\n"
}
]
} ,
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng" ,
"value" : "CWE-257: Storing Passwords in a Recoverable Format" ,
"cweId" : "CWE-257"
}
]
}
]
} ,
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "Progress Software Corporation" ,
"product" : {
"product_data" : [
{
"product_name" : "LoadMaster" ,
"version" : {
"version_data" : [
{
"version_value" : "not down converted" ,
"x_cve_json_5_version_data" : {
"versions" : [
{
"lessThan" : "7.2.59.4" ,
"status" : "affected" ,
"version" : "LoadMaster 7.2.55.0 (GA)" ,
"versionType" : "semver"
} ,
{
"lessThan" : "7.2.54.10" ,
"status" : "affected" ,
"version" : "LoadMaster 7.2.49.0 (LTSF)" ,
"versionType" : "semver"
} ,
{
"lessThan" : "7.2.48.12" ,
"status" : "affected" ,
"version" : "LoadMaster 7.2.48.11 (LTS)" ,
"versionType" : "semver"
}
] ,
"defaultStatus" : "affected"
}
}
]
}
}
]
}
}
]
}
} ,
"references" : {
"reference_data" : [
{
"url" : "https://kemptechnologies.com/" ,
"refsource" : "MISC" ,
"name" : "https://kemptechnologies.com/"
} ,
{
"url" : "https://support.kemptechnologies.com/hc/en-us/articles/25724813518605-ECS-Connection-Manager-Security-Vulnerabilities-CVE-2024-3544-and-CVE-2024-3543" ,
"refsource" : "MISC" ,
"name" : "https://support.kemptechnologies.com/hc/en-us/articles/25724813518605-ECS-Connection-Manager-Security-Vulnerabilities-CVE-2024-3544-and-CVE-2024-3543"
}
]
} ,
"generator" : {
"engine" : "Vulnogram 0.1.0-dev"
} ,
"source" : {
"discovery" : "UNKNOWN"
} ,
"credits" : [
{
"lang" : "en" ,
2024-05-07 12:00:34 +00:00
"value" : "Agenzia per la Cybersicurezza Nazionale (ACN)"
2024-05-02 15:00:37 +00:00
}
] ,
"impact" : {
"cvss" : [
{
"attackComplexity" : "HIGH" ,
"attackVector" : "ADJACENT_NETWORK" ,
"availabilityImpact" : "HIGH" ,
"baseScore" : 6.4 ,
"baseSeverity" : "MEDIUM" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
"privilegesRequired" : "HIGH" ,
"scope" : "UNCHANGED" ,
"userInteraction" : "NONE" ,
"vectorString" : "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" ,
"version" : "3.1"
2024-04-10 19:07:42 +00:00
}
]
}
}
