Main Vulnerability Database Vulnerabilities #VU33357

Missing Encryption of Sensitive Data - CVE-2019-16062

Published: March 19, 2020 / Updated: August 4, 2020

Vulnerability identifier: #VU33357

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-16062

CWE-ID: CWE-311

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor:

Affected software:

Detailed vulnerability description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data stored within the SQL database. It is possible for an attacker to expose unencrypted sensitive data.

How to mitigate CVE-2019-16062

Install update from vendor's website.

Sources

https://www.mogozobo.com/?p=3647

Missing Encryption of Sensitive Data - CVE-2019-16062

Detailed vulnerability description

How to mitigate CVE-2019-16062

Sources

Please verify you're human