PT-2019-18690 · Prima Systems · Flexair

Gjoko Krstic · Published 2019-07-01 · Updated 2022-10-21 · CVE-2019-7667

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Prima Systems FlexAir versions 2.3.38 and prior

Description: The application generates database backup files with a predictable name, allowing an attacker to use brute force to identify the database backup file name. This can be exploited to download the database file, disclose login information, and bypass authentication, resulting in full access to the system.

Recommendations: For versions 2.3.38 and prior, as a temporary workaround, consider restricting access to the database backup files until a patch is available. To fully resolve the issue, update to a version later than 2.3.38, which should include a fix for the predictable database backup file name generation.
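The weakness class and the two mitigations named above (unpredictable names, restricted access), as an added example that is not Prima Systems' code: a guessable naming scheme beside a CSPRNG-based one that also writes the backup owner-only into a private directory. The timestamp scheme, the function names and the `.db` suffix are assumptions; the advisory does not state FlexAir's actual naming format.

```python
import os
import secrets
import time


def predictable_backup_name(now=None):
    """Constructed example of a guessable scheme (assumed, not FlexAir's):
    the name depends only on a second-resolution UTC timestamp."""
    ts = time.strftime("%Y%m%d%H%M%S", time.gmtime(now))
    return f"backup_{ts}.db"


def guess_space_for_window(days):
    """Distinct names the timestamp scheme can produce over `days` days.
    A small number here is what makes the name enumerable."""
    return days * 24 * 60 * 60


def random_backup_name(nbytes=16):
    """Name carrying nbytes*8 bits from the OS CSPRNG (128 bits by default),
    so it cannot be derived from time, sequence or other public state."""
    return f"backup_{secrets.token_hex(nbytes)}.db"


def create_backup(private_dir, data):
    """Write a backup under an unpredictable name with owner-only access.

    private_dir is assumed to lie outside any directory the web server
    exposes; the random name is defence in depth, not the only control.
    """
    os.makedirs(private_dir, mode=0o700, exist_ok=True)
    path = os.path.join(private_dir, random_backup_name())
    # O_EXCL fails instead of reusing an existing path; 0o600 = owner only.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path
```

A 30-day window of the timestamp scheme yields about 2.6 million possible names, against 2^128 for the random one.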

Exploit

Fix

Use of Insufficiently Random Values

Weakness Enumeration

Related Identifiers

CVE-2019-7667

Affected Products

Flexair