CVE-2024-6118

CRITICAL

Hamastar MeetingHub Paperless Meetings 2021 - Info Disclosure

Title source: llm

Description

A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the other users’ credentials and gain access to the product via an XML file.

References (1)

[Third Party Advisory] https://zuso.ai/advisory/za-2024-03

Scores

CVSS v3 9.1

EPSS 0.0015

EPSS Percentile 34.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-522 CWE-256

Status published

Products (1)

hamastar/meetinghub_paperless_meetings 2021

Published Aug 05, 2024

Tracked Since Feb 18, 2026