Описание
WorkforceROI Xpede 4.1 uses a small random namespace (5 alphanumeric characters) for temporary expense claim reports in the /reports/temp directory, which allows remote attackers to read the reports via a brute force attack.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
- Vendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:workforceroi:xpede:4.1:*:*:*:*:*:*:*
EPSS
Процентиль: 78%
0.01174
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
WorkforceROI Xpede 4.1 uses a small random namespace (5 alphanumeric characters) for temporary expense claim reports in the /reports/temp directory, which allows remote attackers to read the reports via a brute force attack.
EPSS
Процентиль: 78%
0.01174
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other