PT-2021-10876 · Mv · Idce
Published
2021-07-20
·
Updated
2021-07-31
·
CVE-2020-23284
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
MV's IDCE application version 1.0
Description
The issue allows an attacker to access internal and sensitive information without logging into the web application by copying and pasting aspx pages at the end of the URL application, which connects to the database.
Recommendations
For MV's IDCE application version 1.0, restrict access to aspx pages to minimize the risk of information disclosure. Consider implementing proper authentication and authorization mechanisms to prevent unauthorized access to sensitive information.
Fix
Insertion into Log File
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Idce