exploitDog

CVE-2015-7902

Опубликовано: 28 окт. 2015

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 provides different error messages for failed login attempts in unspecified circumstances, which allows remote attackers to obtain sensitive information via a series of requests.

Ссылки

https://ics-cert.us-cert.gov/advisories/ICSA-15-300-02
Patch
Third Party Advisory
US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-15-300-02
Patch
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:infinite_automation_systems:mango_automation:2.5.0:*:*:*:*:*:*:*

cpe:2.3:a:infinite_automation_systems:mango_automation:2.5.5:*:*:*:*:*:*:*

cpe:2.3:a:infinite_automation_systems:mango_automation:2.6.0:*:*:*:*:*:*:*

EPSS

Процентиль: 93%

0.09487

Низкий

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-q54q-49gp-h395

github

больше 3 лет назад

Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 provides different error messages for failed login attempts in unspecified circumstances, which allows remote attackers to obtain sensitive information via a series of requests.

EPSS

Процентиль: 93%

0.09487

Низкий

5 Medium

CVSS2

Дефекты

CWE-200