Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-38491: CVE-2022-38491 - Excellium Services

An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Part of the application does not implement protection against brute-force attacks.

CVE
Open in Source
#vulnerability#web#auth

Abstract Advisory Information

A part of the application is vulnerable to brute-force attack.

Author: Valentin Giannini & Alexis Pain

Version affected

Name: Easy Vista

Versions: 2020.2.125.3 & 2022.1.109.0.03

Common Vulnerability Scoring System

8.2

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Patch

<TBD>

References

  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38491

Vulnerability Disclosure Timeline

  • 17/05/2022: Vulnerability discovery
  • 18/05/2022: Vulnerability Report to CERT-XLM
  • 19/05/2022: Vulnerability Report to Vendor through Contact Form
  • 24/05/2022: Vulnerability Report to Vendor through investigation at “[email protected]
  • 24/05/2022: Vulnerability Report to Vendor through Contact Form
  • 03/06/2022: Vulnerability Report to Vendor through investigation at “[email protected]
  • 03/06/2022: Vulnerability Report to Vendor through Contact Form
  • 03/06/2022: Vendor called, redirect us to support team
  • 08/07/2022: Vulnerability Report to Vendor through investigation at multiple contact point
  • 25/07/2022: Vulnerability Report sent to Vendor through multiple investigations at security contact point
  • 25/07/2022: Phonecall with Vendor
  • 19/08/2022: Updates asked to vendor through multiple investigations
  • 19/08/2022: Fix is ongoing
  • 20/08/2022: Request CVE ID to Mitre
  • 20/08/2022: CVE IDs assigned
  • 26/08/2022: Updates asked to vendor
  • 02/09/2022: Updates asked to vendor and CVE ID sent to vendor
  • 05/09/2022: Meeting with vendor to prepare the publication
  • 30/09/2022: Updates asked to vendor
  • 04/10/2022: Multiple calls attempts to the vendors
  • 14/11/2022: Expected Vulnerability disclosure

Our website uses cookies technologies to assist with navigation and your ability to provide feedback, analyze your use of our products and services, to enable you to use the social media functionalities and assist with our promotional and marketing efforts, and provide content from third parties. You may choose to opt-out from all non-essential cookie or allow them for a better browsing experience. For more information on the use of cookies, Please check our Privacy Notice ACCEPT REJECT

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE