Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In TreasuryXpress 19191105, a logged-in user can discover saved credentials, even though the UI hides them. Using functionality within the application and a malicious host, it is possible to force the application to expose saved SSH/SFTP credentials. This can be done by using the application's editor to change the expected SFTP Host IP to a malicious host, and then using the Check Connectivity option. The application then sends these saved credentials to the malicious host.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
TreasuryXpress 安全漏洞
Vulnerability Description
TreasuryXpress 19191105中存在安全漏洞。攻击者可通过使用该应用程序编辑器将该正确的SFTP Host IP修改成恶意的主机IP利用该漏洞获取存储的凭证。
CVSS Information
N/A
Vulnerability Type
N/A