Plaintext Storage of a Password vulnerability in Eliz Software Panel allows : Use of Known Domain Credentials.This issue affects Panel: before v2.3.24.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Affected Vendors & Products

Vendors Products
Eliz Software
  • Panel
Elizsoftware
  • Panel

Configuration 1 [-]

cpe:2.3:a:elizsoftware:panel:*:*:*:*:*:*:*:*

No data.

References
Link Providers
https://www.usom.gov.tr/bildirim/tr-24-1497 cve-icon cve-icon
History

Wed, 24 Sep 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

 ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 12 Sep 2025 06:45:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N'}

 cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Tue, 15 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00122}

 epss

{'score': 0.00144}

Fri, 04 Apr 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 27 Nov 2024 09:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N'}

Tue, 26 Nov 2024 15:45:00 +0000

Type Values Removed Values Added
Metrics cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X'}

Tue, 26 Nov 2024 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}

 cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X'}

Wed, 25 Sep 2024 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Elizsoftware
Elizsoftware panel
CPEs cpe:2.3:a:elizsoftware:panel:*:*:*:*:*:*:*:*
Vendors & Products Elizsoftware
Elizsoftware panel
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Wed, 18 Sep 2024 18:30:00 +0000

Type Values Removed Values Added
First Time appeared Eliz Software
Eliz Software panel
CPEs cpe:2.3:a:eliz_software:panel:*:*:*:*:*:*:*:*
Vendors & Products Eliz Software
Eliz Software panel
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 18 Sep 2024 15:00:00 +0000

Type Values Removed Values Added
Description Plaintext Storage of a Password vulnerability in Eliz Software Panel allows : Use of Known Domain Credentials.This issue affects Panel: before v2.3.24.
Title Plaintext Storage of a Password in Eliz Software's Panel
Weaknesses CWE-256
References
Metrics cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}
cve-icon MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published: 2024-09-18T14:49:32.180Z

Updated: 2025-09-24T14:08:24.164Z

Reserved: 2024-06-13T07:52:35.830Z

Link: CVE-2024-5960

cve-icon Vulnrichment

Updated: 2024-09-18T18:07:44.612Z

cve-icon NVD

Status : Modified

Published: 2024-09-18T15:15:18.740

Modified: 2025-09-12T07:15:34.163

Link: CVE-2024-5960

cve-icon Redhat

No data.