PT-2020-13383 · Sysax · Sysax Multi Server
Wrongsid3 · Published 2020-06-02 · Updated 2020-06-02 · CVE-2020-13227
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Sysax Multi Server version 6.90
Description
An issue allows an attacker to determine the username under which the web server is running by triggering an invalid path permission error, bypassing the fakepath protection mechanism.
Recommendations
For Sysax Multi Server version 6.90, consider restricting access to sensitive paths to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Path traversal
Affected Products
Sysax Multi Server