CVE-2017-16609 Vulnerability Details

  /     /     /  

CVE-2017-16609 Metadata Quick Info

CVE Published: 23/01/2018 | CVE Updated: 05/08/2024 | CVE Year: 2017
Source: zdi | Vendor: NetGain Systems | Product: NetGain Systems Enterprise Manager
Status : PUBLISHED

---

CVE-2017-16609 Description

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within download.jsp. The issue results from the lack of proper validation of a user-supplied string before using it to download a file. An attacker can leverage this vulnerability to expose sensitive information. Was ZDI-CAN-4750.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-39
CWE Name: CWE-39-Path Traversal: C:dirname
Source: NetGain Systems

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).