HIGH🇵🇱 Wersja polska

CVE-2017-16609

CVSS 7.5v3.0pub. 2018-01-23upd. 2024-11-21

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within download.jsp. The issue results from the lack of proper validation of a user-supplied string before using it to download a file. An attacker can leverage this vulnerability to expose sensitive information. Was ZDI-CAN-4750.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Netgain Systems Enterprise Manager

    APP
    Netgain-Systems
    < 7.2.766
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2017-16610CRITICAL9.8ten sam produkt

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain En...

CVE-2017-17406CRITICAL9.8ten sam produkt

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain En...

CVE-2017-16608CRITICAL9.8ten sam produkt

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain En...

CVE-2017-16597CRITICAL9.8ten sam produkt

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Sy...

CVE-2017-17407CRITICAL9.8ten sam produkt

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Sy...