CVE-2023-4384
LowCVSS 3.7Exploitation Probability (EPSS)
Low risk27th percentile — higher than 27% of all known CVEs
Summary
A vulnerability has been found in MaximaTech Portal Executivo version 21.9.1.140, affecting unknown code of the Cookie Handler component. The manipulation leads to missing encryption of sensitive data.
Risk Assessment
This vulnerability may allow remote attacks on sensitive data, but due to the high complexity of the attack, exploitation may be difficult.
Recommendation
It is recommended to update to the latest version of the software and monitor the system for unauthorized access attempts.
Original NVD description (English source)
A vulnerability has been found in MaximaTech Portal Executivo 21.9.1.140 and classified as problematic. This vulnerability affects unknown code of the component Cookie Handler. The manipulation leads to missing encryption of sensitive data. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-237316. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

