Vulnerability: Password Exposure in CMDBuild Temporary Log Table

Vulnerability: Password Exposure in CMDBuild Temporary Log Table

CVE-2022-25518 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

In CMDBuild from version 3.0 to 3.3.2 payload requests are saved in a temporary log table, which allows attackers with database access to read the password of the users who login to the application by querying the database table.

Learn more about our User Device Pen Test.