216.73.217.86

CVE-2026-48242

· Published 21/05/2026 18:16 · Modified 21/05/2026 19:10

Labels: CVE-2026-48242 2026-05-21CVE-2026-48242CWE-798[email protected]

Essential information

Published
21/05/2026 18:16
Modified
21/05/2026 19:10
Author
Creator
CVSS
9.2 CRITICAL (v3) 9.2 CRITICAL (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Open ISES Tickets before 3.44.2 contains hardcoded MySQL database connection credentials (host, username, password, database name) in import_mdb.php. The credentials are embedded in source code committed to the public repository, allowing any reader of the source to obtain valid configuration values that may match deployed installations.

NVD status

Status
Deferred — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
ises / ises tickets cpe:2.3:a:ises:ises_tickets:<3.44.2:*:*:*:*:*:*:*

References