A vulnerability in the “Backup & Restore” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to access secret information via multiple crafted HTTP requests.
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.