CVE-2024-39341

MEDIUM Year: 2024
CVSS v3 Score
5.9
Medium
Weakness Type
CWE-290
View all →

Vulnerability Description

Entrust Instant Financial Issuance (On Premise) Software (formerly known as Cardwizard) 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier leaves behind a configuration file (i.e. WebAPI.cfg.xml) after the installation process. This file can be accessed without authentication on HTTP port 80 by guessing the correct IIS webroot path. It includes system configuration parameter names and values with sensitive configuration values encrypted.

Related Vulnerabilities

CVE-2013-5661

MEDIUM
CVSS:5.9(Medium)

Cache Poisoning issue exists in DNS Response Rate Limiting.

CWE-2902013

CVE-2019-1318

MEDIUM
CVSS:5.9(Medium)

A spoofing vulnerability exists when Transport Layer Security (TLS) accesses non- Extended Master Secret (EMS) sessions, aka 'Microsoft Windows Transport Layer Security Spoofing Vulnerability'.

CWE-2902019

CVE-2021-21310

MEDIUM
CVSS:5.9(Medium)

NextAuth.js (next-auth) is am open source authentication solution for Next.js applications. In next-auth before version 3.3.0 there is a token verification vulnerability. Implementations using the Pri...

CWE-2902021

CVE-2021-40823

MEDIUM
CVSS:5.9(Medium)

A logic error in the room key sharing functionality of matrix-js-sdk (aka Matrix Javascript SDK) before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryptio...

CWE-2902021

CVE-2021-40824

MEDIUM
CVSS:5.9(Medium)

A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 (aka Matrix SDK for Android) before 1.2.2 allows a malicious Matrix homeserver present in an...

CWE-2902021