CVE-2024-28275

{"id": "CVE-2024-28275", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-04-03T15:15:54.490", "references": [{"url": "https://paste.sr.ht/~edaigle/0b4a037fbd3166c8c72fee18efaa7decaf75b0ab", "source": "cve@mitre.org"}, {"url": "https://paste.sr.ht/~edaigle/c9637d682b65e6501efb1324bba7787a2f775ff4", "source": "cve@mitre.org"}, {"url": "https://paste.sr.ht/~edaigle/0b4a037fbd3166c8c72fee18efaa7decaf75b0ab", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://paste.sr.ht/~edaigle/c9637d682b65e6501efb1324bba7787a2f775ff4", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-319"}]}], "descriptions": [{"lang": "en", "value": "Puwell Cloud Tech Co, Ltd 360Eyes Pro v3.9.5.16(3090516) was discovered to transmit sensitive information in cleartext. This vulnerability allows attackers to intercept and access sensitive information, including users' credentials and password change requests."}, {"lang": "es", "value": "Se descubri\u00f3 que Puwell Cloud Tech Co, Ltd 360Eyes Pro v3.9.5.16(3090516) transmite informaci\u00f3n confidencial en texto sin cifrar. Esta vulnerabilidad permite a los atacantes interceptar y acceder a informaci\u00f3n confidencial, incluidas las credenciales de los usuarios y las solicitudes de cambio de contrase\u00f1a."}], "lastModified": "2024-11-21T09:06:07.413", "sourceIdentifier": "cve@mitre.org"}