PT-2019-16062 · Alcatel Lucent · Alcatel-Lucent OmniVista 4760 +1

0X1911 · Published 2019-12-27 · Updated 2020-01-07 · CVE-2019-20047

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Alcatel-Lucent OmniVista 4760 versions prior to 4.1.2
Alcatel-Lucent OmniVista 8770 versions prior to 4.1.2

Description

An issue was discovered that allows a remote unauthenticated attacker to retrieve the content of its own session files due to an incorrect web server configuration. Each session file contains administrative LDAP credentials encoded in a reversible format. Sessions are stored in /sessions/sess .

Recommendations

For Alcatel-Lucent OmniVista 4760 versions prior to 4.1.2, update to version 4.1.2 or later.
For Alcatel-Lucent OmniVista 8770 versions prior to 4.1.2, update to version 4.1.2 or later.

Exploit

Fix

Weakness Enumeration

Insufficiently Protected Credentials

Related Identifiers

CVE-2019-20047

Affected Products

Alcatel-Lucent OmniVista 4760
Alcatel-Lucent OmniVista 8770