Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unprotected Transport of Credentials (HSTS) Vulnerability
Vulnerability Description
The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a platform for attacks against its users.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
敏感数据的明文传输
Vulnerability Title
SolarWinds Engineer Toolset 安全漏洞
Vulnerability Description
SolarWinds Engineer Toolset是美国SolarWinds公司的一个网络软件包。可以帮助您发现、配置、监控和排除网络故障。 SolarWinds Engineer Toolset 2020.2.6 HF4版本存在安全漏洞,该漏洞源于其无法阻止用户通过未加密的连接连接到它。能够修改合法用户网络流量的攻击者可以绕过应用程序使用的SSL/TLS加密,并将应用程序作为攻击其用户的平台。
CVSS Information
N/A
Vulnerability Type
N/A