PT-2019-15084 · Clipsoft · Clipsoft Rexpert

Published: 2019-10-30 · Updated: 2019-11-01 · CVE-2019-17321

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

ClipSoft REXPERT versions 1.0.0.527 and earlier

Description

The issue is related to information disclosure. When a web page associated with a session is requested, it could potentially leak the username via the session file path in the HTTP response data. Notably, this issue can be exploited without requiring any authentication.

Recommendations

For ClipSoft REXPERT versions 1.0.0.527 and earlier, consider restricting access to session-related web pages until a fix is available. As a temporary workaround, avoid using the session file path in HTTP responses to minimize the risk of username leakage. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2019-17321

Affected Products

Clipsoft Rexpert