Cyber Posture

CVE-2024-56902

High

Published: 03 February 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.2649 (96.3th percentile)
Risk Priority: 31 (60% EPSS · 20% KEV · 20% CVSS)

Description

An information disclosure vulnerability in the Geovision GV-ASManager web application, versions v6.1.0.0 and earlier, discloses account information, including the cleartext password.

Security Summary

CVE-2024-56902 is an information disclosure vulnerability in the Geovision GV-ASManager web application, affecting versions v6.1.0.0 and earlier. Classified under CWE-200, the issue enables the exposure of account information, including cleartext passwords. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high confidentiality impact with network accessibility and no prerequisites for authentication or user interaction.

A remote, unauthenticated attacker can exploit this vulnerability by accessing the affected web application over the network. Exploitation requires low complexity and no user interaction, allowing the attacker to retrieve sensitive account details, such as usernames and plaintext passwords, which could facilitate unauthorized access to the GV-ASManager system or related resources.

Mitigation guidance and additional technical details are available in the advisory published on GitHub at https://github.com/DRAGOWN/CVE-2024-56902.

Details

CWE(s)
CWE-200
