PT-2014-6297 · Innovative Interfaces · Innovative Interfaces Encore Discovery Solution

Publicado

2014-08-29

Atualizado

2018-10-09

CVE-2014-5128

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Innovative Interfaces Encore Discovery Solution version 4.3

Description The issue allows remote attackers to potentially obtain sensitive information via unspecified vectors, as the session token is placed in the URI.

Recommendations For Innovative Interfaces Encore Discovery Solution version 4.3, consider removing the session token from the URI as a mitigation measure. At the moment, there is no information about a newer version that contains a fix for this issue.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2014-5128

Produtos afetados

Innovative Interfaces Encore Discovery Solution

PT-2014-6297 · Innovative Interfaces · Innovative Interfaces Encore Discovery Solution

CVE-2014-5128

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5