PT-2020-9416 · Ozw672+1 · Ozw672+1
Maxim Rupp
·
Published
2020-02-11
·
Updated
2021-11-01
·
CVE-2019-13941
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
OZW672 versions prior to V10.00
OZW772 versions prior to V10.00
Description:
A security issue has been identified where vulnerable versions of OZW Web Server use predictable path names for project files created by authenticated users through the export function. This allows a remote attacker to download project files without authentication by accessing a specific uniform resource locator on the web server. The issue can be exploited by an unauthenticated attacker with network access, without requiring any user interaction. Successful exploitation compromises the confidentiality of the targeted system.
Recommendations:
For OZW672 versions prior to V10.00, update to version V10.00 or later to resolve the issue.
For OZW772 versions prior to V10.00, update to version V10.00 or later to resolve the issue.
Fix
Files Accessible to External Parties
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ozw672
Ozw772