CVE-2020-7959

Name of the Vulnerable Software and Affected Versions LabVantage LIMS version 8.3

Description The issue concerns the exposure of database names through the web application, potentially allowing an attacker to enumerate database names by manipulating requests. For instance, providing a non-existent database name in a request may yield an 'Unrecognized Database' exception message, indicating the database does not exist.

Recommendations For LabVantage LIMS version 8.3, consider restricting access to the web application to minimize the risk of database name enumeration until a proper fix is implemented. Additionally, avoid using the database name in requests to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.