Vulnerabilities > Ecoa
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-30 | CVE-2021-41300 | Insufficiently Protected Credentials vulnerability in Ecoa products ECOA BAS controller’s special page displays user account and passwords in plain text, thus unauthenticated attackers can access the page and obtain privilege with full functionality. | 9.8 |
| 2021-09-30 | CVE-2021-41301 | Authorization Bypass Through User-Controlled Key vulnerability in Ecoa products ECOA BAS controller is vulnerable to configuration disclosure when direct object reference is made to the specific files using an HTTP GET request. | 9.8 |
| 2021-09-30 | CVE-2021-41302 | Cleartext Storage of Sensitive Information vulnerability in Ecoa products ECOA BAS controller stores sensitive data (backup exports) in clear-text, thus the unauthenticated attacker can remotely query user password and obtain user’s privilege. | 7.3 |