CVE-2019-17503

Name of the Vulnerable Software and Affected Versions Kirona Dynamic Resource Scheduling (DRS) version 5.5.3.5

Description An issue in Kirona Dynamic Resource Scheduling (DRS) allows an unauthenticated user to access the "/osm/REGISTER.cmd" (also known as "/osm tiles/REGISTER.cmd") endpoint directly. This endpoint contains sensitive information about the database through SQL queries within the batch file, exposing details such as database version, table name, and column name.

Recommendations For version 5.5.3.5, consider restricting access to the "/osm/REGISTER.cmd" endpoint to prevent unauthorized users from accessing sensitive database information. As a temporary workaround, restrict access to this endpoint until a patch is available.