CVE-2024-25654 — MEDIUM (5.5)

Vulnerability Description

Insecure permissions for log files of AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS allow members (with local access to the UMP application server) to access credentials to authenticate to all services, and to decrypt sensitive data stored in the database.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Avsystem	Unified Management Platform	23.07.0.16567

Related Weaknesses (CWE)

CWE-532 CWE-276

References

https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25654ExploitThird Party Advisory
https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25654ExploitThird Party Advisory

FAQ

What is CVE-2024-25654?

CVE-2024-25654 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Insecure permissions for log files of AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS allow members (with local access to the UMP application server) to access credentials to authenticate...

How severe is CVE-2024-25654?

CVE-2024-25654 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-25654?

Check the references section above for vendor advisories and patch information. Affected products include: Avsystem Unified Management Platform.