HIGH🇬🇧 English

CVE-2017-16609

CVSS 7.5v3.0pub. 2018-01-23upd. 2024-11-21

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within download.jsp. The issue results from the lack of proper validation of a user-supplied string before using it to download a file. An attacker can leverage this vulnerability to expose sensitive information. Was ZDI-CAN-4750.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Netgain Systems Enterprise Manager

    APP
    Netgain-Systems
    < 7.2.766
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2017-16610CRITICAL9.8ten sam produkt

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain En...

CVE-2017-17406CRITICAL9.8ten sam produkt

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain En...

CVE-2017-16608CRITICAL9.8ten sam produkt

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain En...

CVE-2017-16597CRITICAL9.8ten sam produkt

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Sy...

CVE-2017-17407CRITICAL9.8ten sam produkt

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Sy...