PT-2017-14491 · Netgain · Netgain Enterprise Manager
Jacob Baines
·
Publicado
2017-12-13
·
Atualizado
2019-10-09
·
CVE-2017-16607
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Netgain Enterprise Manager (affected versions not specified)
Description
This issue allows remote attackers to disclose sensitive information on vulnerable installations. Authentication is not required to exploit this. The specific flaw exists within the
heapdumps.jsp page. The issue results from the lack of proper validation of a user-supplied string before using it to download heap memory dump. An attacker can leverage this in conjunction with other issues to disclose sensitive information in the context of the current process.Recommendations
At the moment, there is no information about a newer version that contains a fix for this issue.
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Netgain Enterprise Manager