What the vulnerability does
01Description
Dorsett Controls Central Server update server has potential information leaks with an unprotected file that contains passwords and API keys.
CVE-2024-39287
MEDIUM
CVE-2024-39287: Dorsett Controls InfoScan Exposure of Sensitive Information To An Unauthorized Actor
CVSS base score
5.3/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Key dates
02Disclosure timeline
August 8, 2024
CVE published
August 8, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2022-39013
CVE-2023-1263 CMP – Coming Soon & Maintenance Plugin by NiteoThemes <= 4.1.6 - Information Exposure
CVE-2022-31221
CVE-2025-59214 Microsoft Windows File Explorer Spoofing Vulnerability
CVE-2024-11291 Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.13.4 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure
