CVE Catalog

CVE-2024-40583

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.52%

40th percentile - higher than 40% of all known CVEs

Summary

Pentaminds CuroVMS version 2.0.1 was found to have exposed credentials. This means authentication data (e.g., passwords, API keys) is stored or transmitted in a way that allows unauthorized reading.

Risk Assessment

The risk involves potential account takeover or access to sensitive data by an attacker who obtains the exposed credentials. This could lead to a breach of confidentiality and system integrity.

Recommendation

Immediately change all exposed credentials and review the system configuration for secure password storage. Implement encryption and secret management mechanisms.

Original NVD description (English source)

Pentaminds CuroVMS v2.0.1 was discovered to contain exposed credentials.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS