CVE-2024-55557

CRITICAL

Weasis 4.5.1 - Info Disclosure

Title source: llm

Description

ui/pref/ProxyPrefView.java in weasis-core in Weasis 4.5.1 has a hardcoded key for symmetric encryption of proxy credentials.

Exploits (1)

nomisec WORKING POC 1 stars
by partywavesec · poc
https://github.com/partywavesec/CVE-2024-55557

References (4)

Scores

CVSS v3 9.8
EPSS 0.1688
EPSS Percentile 95.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-798
Status published
Published Dec 16, 2024
Tracked Since Feb 18, 2026