Meetinghub Paperless Meetings
CVE-2024-6118
CRITICAL
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (zuso) · only source for this CVE.
CVSS VectorVendor: zuso
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the other users’ credentials and gain access to the product via an XML file.
AnalysisAI
A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the other users’ credentials and gain access to. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-256. A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the other users’ credentials and gain access to the product via an XML file. Affected products include: Hamastar Meetinghub Paperless Meetings.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
HAMASTAR MeetingHub has an arbitrary file upload vulnerability allowing unauthenticated remote attackers to upload web s
A Unrestricted upload of file with dangerous type vulnerability in meeting management function in Hamastar MeetingHub Pa
MeetingHub Paperless Meetings contains an arbitrary file read vulnerability that enables unauthenticated remote attacker
Meetinghub Paperless Meetings is affected by missing authentication for critical function (CVSS 5.3).
Same weakness CWE-256 – Plaintext Storage of a Password
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today