PT-2020-10181 · Idelji · Idelji Web Viewpoint Plus+2
Published: 2020-01-27 · Updated: 2020-02-07
CVE-2019-19539
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Idelji Web ViewPoint H01ABO-H01BY and L01ABP-L01ABZ
Idelji Web ViewPoint Plus H01AAG-H01AAQ and L01AAH-L01AAR
Idelji Web ViewPoint Enterprise H01-H01AAE and L01-L01AAF
Description
An issue was discovered in Idelji Web ViewPoint products. By reading ADB or AADB file content within the Installation subvolume, a Guardian user can discover the password of the group.user or alias who acknowledges events from the WVP Events screen.
Recommendations
For Idelji Web ViewPoint H01ABO-H01BY and L01ABP-L01ABZ, restrict access to the ADB and AADB files within the Installation subvolume to prevent unauthorized password discovery.
For Idelji Web ViewPoint Plus H01AAG-H01AAQ and L01AAH-L01AAR, consider disabling the feature that allows Guardian users to read ADB and AADB file content until a patch is available.
For Idelji Web ViewPoint Enterprise H01-H01AAE and L01-L01AAF, avoid using the WVP Events screen to acknowledge events until the issue is resolved.
Fix
Weakness Enumeration
Insufficiently Protected Credentials
Related Identifiers
Affected Products
Idelji Web Viewpoint
Idelji Web Viewpoint Enterprise
Idelji Web Viewpoint Plus