Openconcerto
Monthly
ILM Informatique OpenConcerto 1.7.5 stores sensitive passwords in plaintext, allowing authenticated local users to retrieve embedded credentials with low complexity. The vulnerability enables information disclosure of authentication data accessible via local file access, confirmed by CISA SSVC framework as having partial technical impact but no evidence of active exploitation.
Incorrect permission assignment in OpenConcerto 1.7.5 enables local authenticated users with UI interaction to modify critical binary files, potentially allowing privilege escalation or persistent code execution through binary replacement. CVSS score of 2.4 (Low) reflects the local-only attack vector and requirement for user interaction, though the vulnerability creates a persistent integrity risk for affected deployments.
ILM Informatique OpenConcerto 1.7.5 stores sensitive passwords in plaintext, allowing authenticated local users to retrieve embedded credentials with low complexity. The vulnerability enables information disclosure of authentication data accessible via local file access, confirmed by CISA SSVC framework as having partial technical impact but no evidence of active exploitation.
Incorrect permission assignment in OpenConcerto 1.7.5 enables local authenticated users with UI interaction to modify critical binary files, potentially allowing privilege escalation or persistent code execution through binary replacement. CVSS score of 2.4 (Low) reflects the local-only attack vector and requirement for user interaction, though the vulnerability creates a persistent integrity risk for affected deployments.