CVE-2023-4384

MEDIUM Year: 2023
CVSS v3 Score
5.9
Medium
CVSS v2 Score
2.6
Low
Weakness Type
CWE-311
View all →

Vulnerability Description

A vulnerability has been found in MaximaTech Portal Executivo 21.9.1.140 and classified as problematic. This vulnerability affects unknown code of the component Cookie Handler. The manipulation leads to missing encryption of sensitive data. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-237316. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2016-10597

MEDIUM
CVSS:5.9(Medium)

cobalt-cli downloads resources over HTTP, which leaves it vulnerable to MITM attacks.

CWE-3112016

CVE-2016-10613

MEDIUM
CVSS:5.9(Medium)

bionode-sra is a Node.js wrapper for SRA Toolkit. bionode-sra downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.

CWE-3112016

CVE-2016-10630

MEDIUM
CVSS:5.9(Medium)

install-g-test downloads resources over HTTP, which leaves it vulnerable to MITM attacks.

CWE-3112016

CVE-2017-16041

MEDIUM
CVSS:5.9(Medium)

ikst versions before 1.1.2 download resources over HTTP, which leaves it vulnerable to MITM attacks.

CWE-3112017

CVE-2017-6297

MEDIUM
CVSS:5.9(Medium)

The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a reboot, which allows man-in-the-middle attackers to view transmitted data unencrypted and gain ...

CWE-3112017

CVE-2017-9045

MEDIUM
CVSS:5.9(Medium)

The Google I/O 2017 application before 5.1.4 for Android downloads multiple .json files from http://storage.googleapis.com without SSL, which makes it easier for man-in-the-middle attackers to spoof F...

CWE-3112017