CVE-2011-4737

Name of the Vulnerable Software and Affected Versions Parallels Plesk Panel version 10.2.0 build 20110407.20

Description The issue allows remote attackers to obtain sensitive information by sniffing the network. This is demonstrated by password handling in the client@2/domain@1/odbc/dsn@1/properties/ API endpoint. The password is included within an HTTP response body, making it accessible to attackers.

Recommendations For Parallels Plesk Panel version 10.2.0 build 20110407.20, consider restricting access to the client@2/domain@1/odbc/dsn@1/properties/ API endpoint until a fix is available. As a temporary workaround, avoid using this endpoint to minimize the risk of sensitive information disclosure. At the moment, there is no information about a newer version that contains a fix for this issue.