Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in URVE Build 24.03.2020. The password of an integration user account (used for the connection of the MS Office 365 Integration Service) is stored in cleartext in configuration files as well as in the database. The following files contain the password in cleartext: Profiles/urve/files/sql_db.backup, Server/data/pg_wal/000000010000000A000000DD, Server/data/base/16384/18617, and Server/data/base/17202/8708746. This causes the password to be displayed as cleartext in the HTML code as roomsreservationimport_password in /urve/roomsreservationimport/roomsreservationimport/update-HTML5.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Urve 信息泄露漏洞
Vulnerability Description
Urve是英国Urve公司的一个用于预约会议室/客房的设备。该设备可支持与MS Exchange,Lotus,Office 365,Google日历和其他系统的集成用于支持会议室、客房的预定。 URVE Build 24.03.2020 存在安全漏洞,该漏洞源于集成用户帐户的密码(用于连接MS Office 365集成服务)以明文形式存储在配置文件和数据库中。以下产品及版本受到影响:Profiles/urve/files/sql_db.backup, Server/data/pg_wal/00000001
CVSS Information
N/A
Vulnerability Type
N/A