{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T17:41:30.368","vulnerabilities":[{"cve":{"id":"CVE-2022-47561","sourceIdentifier":"cve-coordination@incibe.es","published":"2023-09-20T08:15:15.380","lastModified":"2024-11-21T07:32:11.913","vulnStatus":"Modified","cveTags":[{"sourceIdentifier":"cve-coordination@incibe.es","tags":["unsupported-when-assigned"]}],"descriptions":[{"lang":"en","value":"The web application stores credentials in clear text in the \"admin.xml\" file, which can be accessed without logging into the website, which could allow an attacker to obtain credentials related to all users, including admin users, in clear text, and use them to subsequently execute malicious actions."},{"lang":"es","value":"** NO COMPATIBLE CUANDO ESTÁ ASIGNADO ** La aplicación web almacena las credenciales en texto sin cifrar en el archivo \"admin.xml\", al que se puede acceder sin iniciar sesión en el sitio web, lo que podría permitir a un atacante obtener credenciales relacionados con todos los usuarios, incluidos los usuarios administradores. , en texto claro, y utilizarlos para ejecutar posteriormente acciones maliciosas."}],"metrics":{"cvssMetricV31":[{"source":"cve-coordination@incibe.es","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.5,"impactScore":4.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"cve-coordination@incibe.es","type":"Secondary","description":[{"lang":"en","value":"CWE-256"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-522"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ormazabal:ekorccp_firmware:601j:*:*:*:*:*:*:*","matchCriteriaId":"3A8F0358-F8FA-4AEB-B88E-C56E2E965B7B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ormazabal:ekorccp:-:*:*:*:*:*:*:*","matchCriteriaId":"77B2D423-E767-495C-93C7-4C4B724BE3E3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ormazabal:ekorrci_firmware:601j:*:*:*:*:*:*:*","matchCriteriaId":"34615054-34DD-469E-80FC-F5C3F74850AC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ormazabal:ekorrci:-:*:*:*:*:*:*:*","matchCriteriaId":"C5E73387-2229-4A85-A3A7-A0A2C1D74EA6"}]}]}],"references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products","source":"cve-coordination@incibe.es","tags":["Third Party Advisory"]},{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}