EUVD-2026-23508CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
5DescriptionNVD
Anviz CrossChex Standard is vulnerable when an attacker manipulates the TDS7 PreLogin to disable encryption, causing database credentials to be sent in plaintext and enabling unauthorized database access.
AnalysisAI
Anviz CrossChex Standard time and attendance software transmits database credentials in plaintext when attackers downgrade TDS7 PreLogin protocol encryption, enabling remote unauthenticated access to backend databases containing employee data and access control records. CVSS 7.5 (High) with network attack vector and no prerequisites. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: inventory all Anviz CrossChex Standard deployments and document affected systems, credentials, and connected databases; isolate affected systems from untrusted networks where feasible. Within 7 days: contact Anviz support for patch availability and timeline; implement network segmentation to restrict TDS7 protocol traffic to trusted administrative networks only; rotate all database credentials used by CrossChex systems. …
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today