| CVE | CVE-2023-26462 |
| CVE Title | |
| Published Date | 2023-02-23T06:15Z |
| Modified Date | 2023-03-03T02:29Z |
| CWE Type | CWE-798 |
| CVSS 3.x | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Description | ThingsBoard 3.4.1 could allow a remote attacker to gain elevated privileges because hard-coded service credentials (usable for privilege escalation) are stored in an insecure format. (To read this stored data, the attacker needs access to the application server or its source code.) |
| References | |
| By clicking these links you will leave this website. We do not endorse and will not be held accountable for any activity on external sites. | |
| Reference URL | https://thingsboard.io/docs/reference/releases/ |
| Reference Description | MISC https://thingsboard.io/docs/reference/releases/ |
| Reference URL | https://exchange.xforce.ibmcloud.com/vulnerabilities/238544 |
| Reference Description | MISC https://exchange.xforce.ibmcloud.com/vulnerabilities/238544 |
| Tags | Release Notes |
| Sources | NIST MITRE |
