CVE-2024-6118 CRITICAL

CVE-2024-6118: Hamastar MeetingHub Paperless Meetings - Plaintext Storage of a Password

Vendor Hamastar Technology
Product MeetingHub Paperless Meetings
Weakness CWE-256
Published August 5, 2024
Last update August 5, 2024

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the other users’ credentials and gain access to the product via an XML file.

Key dates

02Disclosure timeline

August 5, 2024 CVE published
August 5, 2024 Record updated