CVE-2024-55557
CRITICAL EPSS 67.7%
Published Dec 16, 20241y ago ยท Modified Jun 17, 20262w ago
9.8 CVSS 3.1
Published Dec 16, 2024 1y ago
Last Modified Jun 17, 2026 2w ago
Description
ui/pref/ProxyPrefView.java in weasis-core in Weasis 4.5.1 has a hardcoded key for symmetric encryption of proxy credentials.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
67.7% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-798 Use of Hard-coded Credentials Authentication
References 4
- apps.microsoft.com https://apps.microsoft.com/detail/9nhtv46lg4nh?hl=en-us&gl=US
- github.com https://github.com/nroduit/Weasis/releases/tag/v4.5.1
- github.com https://github.com/partywavesec/CVE-2024-55557
- partywave.site https://www.partywave.site/show/research/CVE-2024-55557%20-%20Weasis%204.5.1
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.