11 results (0.006 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

An unauthorized user with network access and the decryption key could decrypt sensitive data, such as usernames and passwords. • https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01 https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01 • CWE-261: Weak Encoding for Password CWE-522: Insufficiently Protected Credentials •

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0

An unauthorized user could possibly delete any file on the system. • https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01 https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01 • CWE-284: Improper Access Control •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

An unauthorized user could be able to read any file on the system, potentially exposing sensitive information. • https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01 https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01 • CWE-284: Improper Access Control •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

An unauthorized user could alter or write files with full control over the path and content of the file. • https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01 https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Even if the authentication fails for local service authentication, the requested command could still execute regardless of authentication status. • https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01 https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01 •