PT-2020-9777 · Netsas · Netsas Enigma Nms Server

Published: 2020-03-19 · Updated: 2020-03-23 · CVE-2019-16061

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

NETSAS Enigma NMS server versions 65.0.0 and prior

Description

The issue allows any low-privileged user with access to the system to read sensitive data and create/modify/delete content within the operating system due to weak world-readable and world-writable permissions on a number of files. This can include reading sensitive data, such as .htpasswd, and modifying content under directories like /var/www/html/docs.

Recommendations

For versions 65.0.0 and prior, restrict access to sensitive files and directories, such as /var/www/html/docs, to prevent unauthorized reading, creation, modification, or deletion of content. Consider changing the permissions of these files and directories to prevent world-readable and world-writable access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
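
One way to apply the recommendation above, as an added example that is not part of the original advisory or any vendor guidance: POSIX shell functions that list world-writable entries and world-readable .htpasswd files under a directory, then clear those permission bits. The function names are hypothetical, and the example assumes the web server account reads .htpasswd through owner or group permissions rather than "other".

```shell
#!/bin/sh
# Added example (not vendor code). Function names are hypothetical.
# Typical root from the advisory: /var/www/html

# List entries that any local user can modify (world-writable).
# Symlinks are skipped because their mode bits are not meaningful.
audit_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# List .htpasswd credential files that any local user can read.
audit_world_readable_secrets() {
    find "$1" -type f -name '.htpasswd' -perm -0004 -print
}

# Print all findings; return 1 if any exist so the check can gate
# a cron job or a configuration-management run.
report() {
    findings=$( { audit_world_writable "$1"
                  audit_world_readable_secrets "$1"; } | sort -u )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Remove world-write from every entry and all "other" access from
# .htpasswd. Assumption: the web server account owns the file or
# reaches it through its group, so it keeps read access afterwards.
harden_tree() {
    find "$1" ! -type l -perm -0002 -exec chmod o-w {} +
    find "$1" -type f -name '.htpasswd' -exec chmod o-rwx {} +
}
```

Run the audit functions first and review the list before calling harden_tree; afterwards, confirm the web server account can still read .htpasswd through owner or group permissions.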

Weakness Enumeration

Incorrect Default Permissions

Related Identifiers

CVE-2019-16061

Affected Products

Netsas Enigma Nms Server