Show plain JSON{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3543", "assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", "state": "PUBLISHED", "assignerShortName": "ProgressSoftware", "dateReserved": "2024-04-09T18:05:51.821Z", "datePublished": "2024-05-02T14:05:26.748Z", "dateUpdated": "2024-08-08T14:59:24.596Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "LoadMaster", "vendor": "Progress Software Corporation", "versions": [{"lessThan": "7.2.59.4", "status": "affected", "version": "LoadMaster 7.2.55.0 (GA)", "versionType": "semver"}, {"lessThan": "7.2.54.10", "status": "affected", "version": "LoadMaster 7.2.49.0 (LTSF)", "versionType": "semver"}, {"lessThan": "7.2.48.12", "status": "affected", "version": "LoadMaster 7.2.48.11 (LTS)", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Agenzia per la Cybersicurezza Nazionale (ACN)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\nUse of reversible password encryption algorithm allows attackers to decrypt passwords. Sensitive information can be easily unencrypted by the attacker, stolen credentials can be used for arbitrary actions to corrupt the system.\n\n"}], "value": "\nUse of reversible password encryption algorithm allows attackers to decrypt passwords.\u00a0 Sensitive information can be easily unencrypted by the attacker, stolen credentials can be used for arbitrary actions to corrupt the system.\n\n"}], "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "CAPEC-37: Retrieve Embedded Sensitive Data"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-257", "description": "CWE-257: Storing Passwords in a Recoverable Format", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", "shortName": "ProgressSoftware", "dateUpdated": "2024-05-07T11:59:41.919Z"}, "references": [{"tags": ["product"], "url": "https://kemptechnologies.com/"}, {"tags": ["vendor-advisory"], "url": "https://support.kemptechnologies.com/hc/en-us/articles/25724813518605-ECS-Connection-Manager-Security-Vulnerabilities-CVE-2024-3544-and-CVE-2024-3543"}], "source": {"discovery": "UNKNOWN"}, "title": "LoadMaster Reversible Password Encryption Algorithm", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:12:07.678Z"}, "title": "CVE Program Container", "references": [{"tags": ["product", "x_transferred"], "url": "https://kemptechnologies.com/"}, {"tags": ["vendor-advisory", "x_transferred"], "url": "https://support.kemptechnologies.com/hc/en-us/articles/25724813518605-ECS-Connection-Manager-Security-Vulnerabilities-CVE-2024-3544-and-CVE-2024-3543"}]}, {"affected": [{"vendor": "kemptechnologies", "product": "loadmaster", "cpes": ["cpe:2.3:a:kemptechnologies:loadmaster:7.2.48.11\\(lts\\):*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "7.2.48.11\\(lts\\)", "status": "affected", "lessThan": "7.2.48.12", "versionType": "custom"}]}, {"vendor": "kemptechnologies", "product": "loadmaster", "cpes": ["cpe:2.3:a:kemptechnologies:loadmaster:7.2.49.0\\(ltsf\\):*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "7.2.49.0\\(ltsf\\)", "status": "affected", "lessThan": "7.2.54.10", "versionType": "custom"}]}, {"vendor": "kemptechnologies", "product": "loadmaster", "cpes": ["cpe:2.3:a:kemptechnologies:loadmaster:7.2.55.0\\(ga\\):*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "7.2.55.0\\(ga\\)", "status": "affected", "lessThan": "7.5.59.4", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-05-02T15:51:54.344919Z", "id": "CVE-2024-3543", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-08T14:59:24.596Z"}}]}}