PT-2019-15084 · Clipsoft · Clipsoft Rexpert

Published: 2019-10-30 · Updated: 2019-11-01 · CVE-2019-17321

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

ClipSoft REXPERT versions 1.0.0.527 and earlier

Description

The issue is related to information disclosure. When a web page associated with a session is requested, it could potentially leak the username via the session file path in the HTTP response data. Notably, this issue can be exploited without requiring any authentication.

Recommendations

For ClipSoft REXPERT versions 1.0.0.527 and earlier, consider restricting access to session-related web pages until a fix is available. As a temporary workaround, avoid using the session file path in HTTP responses to minimize the risk of username leakage. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers

CVE-2019-17321

Affected Products

Clipsoft Rexpert