Back to search
CVE-2022-3217
Published: Sep 16, 2022
Modified: Aug 3, 2024
PUBLISHED
Description
When logging in to a VBASE runtime project via Web-Remote, the product uses XOR with a static initial key to obfuscate login messages. An unauthenticated remote attacker with the ability to capture a login session can obtain the login credentials.
| Vendor | Product | Versions |
|---|---|---|
n/a | VISAM VBASE | affected 11.7.0.2 |
References
https://www.tenable.com/security/research/tra-2022-31
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now