References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Change History

CERT VDE AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

CERT VDE CWE-319

	
		
		
	
	
		
			
				
					

	
		
		
	
	
		


			
				
					An unauthenticated remote attacker can extract a session token with a MitM attack and gain web-based
management access with the privileges of the currently logged in user due to cleartext transmission of sensitive information. No additional user interaction is required. The access is limited as only non-sensitive information can be obtained but the availability can be seriously affected. 











			


		


	

CERT VDE https://cert.vde.com/en/advisories/VDE-2024-019 [No types assigned]