CVE-2024-25654

Published: Mar 18, 2024Modified: Mar 14, 2025

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Insecure permissions for log files of AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS allow members (with local access to the UMP application server) to access credentials to authenticate to all services, and to decrypt sensitive data stored in the database.

Affected (1)

Products: Avsystem: Unified Management Platform

1 product

Unified Management Platform

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Avsystem Unified Management Platform	Version 23.07.0.16567

Related CWEs

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (2)

https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25654

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25654

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.