VDB-278211 · CVE-2024-9040 · GCVE-100-278211

code-projects Blood Bank Management System 1.0 Password Obelodanjivanje informacija

Otkrivena je ranjivost klasifikovana kao Problematiиno u code-projects Blood Bank Management System 1.0. Pogođeno je nepoznata funkcija u komponenti Password Handler. Manipulacija dovodi do Obelodanjivanje informacija. Korišćenjem CWE za opis problema dolazi se do CWE-313. Slabost je objavljena 09/20/2024. Ova ranjivost je poznata pod oznakom CVE-2024-9040. Za sprovođenje napada neophodan je lokalni pristup. Tehnički podaci nisu dostupni. Додатно, постоји доступан експлоит. Trenutna cena za eksploataciju može biti približno USD $0-$5k u ovom trenutku. Prema MITRE ATT&CK projektu, tehnika napada je T1555. Definisano je kao dokaz-of-koncept. Kao 0-day, očekivana cena na crnom tržištu bila je oko $0-$5k. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

4 Promene · 81 Tačke podataka

Polje	Kreirali 09/20/2024 10:37	Ažurira 1/3 09/21/2024 15:58	Ažurira 2/3 09/27/2024 05:02	Ažurira 3/3 09/28/2024 13:21
software_vendor	code-projects	code-projects	code-projects	code-projects
software_name	Blood Bank Management System	Blood Bank Management System	Blood Bank Management System	Blood Bank Management System
software_version	1.0	1.0	1.0	1.0
software_component	Password Handler	Password Handler	Password Handler	Password Handler
vulnerability_cwe	CWE-313	CWE-313	CWE-313	CWE-313
vulnerability_risk	1	1	1	1
cvss3_vuldb_av	L	L	L	L
cvss3_vuldb_ac	L	L	L	L
cvss3_vuldb_pr	H	H	H	H
cvss3_vuldb_ui	N	N	N	N
cvss3_vuldb_s	U	U	U	U
cvss3_vuldb_c	L	L	L	L
cvss3_vuldb_i	N	N	N	N
cvss3_vuldb_a	N	N	N	N
cvss3_vuldb_rc	R	R	R	R
exploit_availability	1	1	1	1
source_cve	CVE-2024-9040	CVE-2024-9040	CVE-2024-9040	CVE-2024-9040
cna_responsible	VulDB	VulDB	VulDB	VulDB
software_type	Banking Software	Banking Software	Banking Software	Banking Software
cvss2_vuldb_av	L	L	L	L
cvss2_vuldb_ac	L	L	L	L
cvss2_vuldb_au	M	M	M	M
cvss2_vuldb_ci	P	P	P	P
cvss2_vuldb_ii	N	N	N	N
cvss2_vuldb_ai	N	N	N	N
cvss2_vuldb_rc	UR	UR	UR	UR
cvss4_vuldb_av	L	L	L	L
cvss4_vuldb_ac	L	L	L	L
cvss4_vuldb_pr	H	H	H	H
cvss4_vuldb_ui	N	N	N	N
cvss4_vuldb_vc	L	L	L	L
cvss4_vuldb_vi	N	N	N	N
cvss4_vuldb_va	N	N	N	N
cvss2_vuldb_e	ND	ND	ND	ND
cvss2_vuldb_rl	ND	ND	ND	ND
cvss3_vuldb_e	X	X	X	X
cvss3_vuldb_rl	X	X	X	X
cvss4_vuldb_at	N	N	N	N
cvss4_vuldb_sc	N	N	N	N
cvss4_vuldb_si	N	N	N	N
cvss4_vuldb_sa	N	N	N	N
cvss4_vuldb_e	X	X	X	X
cvss2_vuldb_basescore	1.4	1.4	1.4	1.4
cvss2_vuldb_tempscore	1.3	1.3	1.3	1.3
cvss3_vuldb_basescore	2.3	2.3	2.3	2.3
cvss3_vuldb_tempscore	2.3	2.3	2.3	2.3
cvss3_meta_basescore	2.3	2.3	2.3	3.4
cvss3_meta_tempscore	2.3	2.3	2.3	3.4
cvss4_vuldb_bscore	4.6	4.6	4.6	4.6
cvss4_vuldb_btscore	4.6	4.6	4.6	4.6
advisory_date	1726783200 (09/20/2024)	1726783200 (09/20/2024)	1726783200 (09/20/2024)	1726783200 (09/20/2024)
price_0day	$0-$5k	$0-$5k	$0-$5k	$0-$5k
cve_nvd_summary		A vulnerability, which was classified as problematic, was found in code-projects Blood Bank Management System 1.0. This affects an unknown part of the component Password Handler. The manipulation leads to cleartext storage in a file or on disk. An attack has to be approached locally.	A vulnerability, which was classified as problematic, was found in code-projects Blood Bank Management System 1.0. This affects an unknown part of the component Password Handler. The manipulation leads to cleartext storage in a file or on disk. An attack has to be approached locally.	A vulnerability, which was classified as problematic, was found in code-projects Blood Bank Management System 1.0. This affects an unknown part of the component Password Handler. The manipulation leads to cleartext storage in a file or on disk. An attack has to be approached locally.
cvss3_cna_av		L	L	L
cvss3_cna_ac		L	L	L
cvss3_cna_pr		H	H	H
cvss3_cna_ui		N	N	N
cvss3_cna_s		U	U	U
cvss3_cna_c		L	L	L
cvss3_cna_i		N	N	N
cvss3_cna_a		N	N	N
cvss3_cna_basescore		2.3	2.3	2.3
cvss2_cna_av		L	L	L
cvss2_cna_ac		L	L	L
cvss2_cna_au		M	M	M
cvss2_cna_ci		P	P	P
cvss2_cna_ii		N	N	N
cvss2_cna_ai		N	N	N
cvss2_cna_basescore		1.4	1.4	1.4
cve_nvd_summaryes			En code-projects Blood Bank Management System 1.0 se ha detectado una vulnerabilidad clasificada como problemática. Afecta a una parte desconocida del componente Password Handler. La manipulación provoca el almacenamiento de texto plano en un archivo o en un disco. El ataque debe abordarse localmente.	En code-projects Blood Bank Management System 1.0 se ha detectado una vulnerabilidad clasificada como problemática. Afecta a una parte desconocida del componente Password Handler. La manipulación provoca el almacenamiento de texto plano en un archivo o en un disco. El ataque debe abordarse localmente.
cvss3_nvd_av				L
cvss3_nvd_ac				L
cvss3_nvd_pr				L
cvss3_nvd_ui				N
cvss3_nvd_s				U
cvss3_nvd_c				H
cvss3_nvd_i				N
cvss3_nvd_a				N
cvss3_nvd_basescore				5.5

◂ Prethodne Pregled Sledeжi ▸

Interested in the pricing of exploits?

See the underground prices here!