CVE-2025-10641 (CNNVD-202510-2764)
中文标题:
Work Examiner Professional 安全漏洞
英文标题:
Unencrypted cleartext communication in EfficientLab WorkExaminer Professional
漏洞描述
中文描述:
Work Examiner Professional是美国Work Examiner公司的一款员工电脑监控软件。 Work Examiner Professional存在安全漏洞,该漏洞源于监控客户端、控制台和服务器之间的流量以明文传输,可能导致攻击者读取敏感数据或修改传输数据。
英文描述:
All WorkExaminer Professional traffic between monitoring client, console and server is transmitted as plain text. This allows an attacker with access to the network to read the transmitted sensitive data. An attacker can also freely modify the data on the wire. The monitoring clients transmit their data to the server using the unencrypted FTP. Clients connect to the FTP server on port 12304 and transmit the data unencrypted. In addition, all traffic between the console client and the server at port 12306 is unencrypted.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| EfficientLab | WorkExaminer Professional | <= 4.0.0.52001 | - | - |
cpe:2.3:a:efficientlab:workexaminer_professional:<=_4.0.0.52001:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
3.1 (adp)
HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2025-10641 |
2025-11-11 15:23:02 | 2025-11-11 07:40:04 |
| NVD | nvd_CVE-2025-10641 |
2025-11-11 15:01:06 | 2025-11-11 07:47:55 |
| CNNVD | cnnvd_CNNVD-202510-2764 |
2025-11-11 15:12:30 | 2025-11-11 08:00:18 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 其他
- cnnvd_id: 未提取 -> CNNVD-202510-2764
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- references_count: 1 -> 2
- data_sources: ['cve'] -> ['cve', 'nvd']