Vulnerabilities > Nchsoftware > Express Accounts

DATE CVE VULNERABILITY TITLE RISK
2020-12-28 CVE-2020-13474 Improper Privilege Management vulnerability in Nchsoftware Express Accounts 8.24
In NCH Express Accounts 8.24 and earlier, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as Add/Edit users.
network
low complexity
nchsoftware CWE-269
4.0
2020-12-28 CVE-2020-13473 Cleartext Storage of Sensitive Information vulnerability in Nchsoftware Express Accounts 8.24
NCH Express Accounts 8.24 and earlier allows local users to discover the cleartext password by reading the configuration file.
local
low complexity
nchsoftware CWE-312
2.1