PT-2016-5099 · Meteocontrol · Meteocontrol Web'Log

Karn Ganeshen

Published

2016-05-14

Updated

2017-09-07

CVE-2016-2296

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Meteocontrol WEB'log versions Basic 100, Light, Pro, and Pro Unlimited

Description The issue allows remote attackers to obtain sensitive information or modify data without requiring authentication for "post-admin" login pages.

Recommendations For Meteocontrol WEB'log versions Basic 100, Light, Pro, and Pro Unlimited, consider implementing proper authentication mechanisms for "post-admin" login pages to prevent unauthorized access until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-254

Related Identifiers

CVE-2016-2296

Affected Products

Meteocontrol Web'Log

PT-2016-5099 · Meteocontrol · Meteocontrol Web'Log

CVE-2016-2296

Weakness Enumeration

Related Identifiers

Affected Products

References · 5