API Security Blog

Dorsett Controls InfoScan < 1.38 Multiple Vulnerabilities (July 2024)

The version of Dorsett Controls InfoScan running on the remote host is prior to 1.38. It is, therefore, affected by multiple vulnerabilities:

- Dorsett Controls Central Server update server has potential information leaks with an unprotected file that contains passwords and API keys. (CVE-2024-39287)

- The InfoScan client download page can be intercepted with a proxy, to expose filenames located on the system, which could lead to additional information exposure. (CVE-2024-42408)

- Dorsett Controls InfoScan is vulnerable due to a leak of possible sensitive information through the response headers and the rendered JavaScript prior to user login. (CVE-2024-42493)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version…
