Описание
The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive information such as the NMS admin credentials and the PostgreSQL database credentials to logged-in users via the responses to certain HTTP POST requests. In order to be able to see the credentials in cleartext, an attacker needs to be authenticated.
Ссылки
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:ericssonlg:ipecs_nms:a.1ac:*:*:*:*:*:*:*
EPSS
Процентиль: 89%
0.04526
Низкий
8.8 High
CVSS3
4 Medium
CVSS2
Дефекты
CWE-522
Связанные уязвимости
CVSS3: 8.8
github
около 3 лет назад
The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive information such as the NMS admin credentials and the PostgreSQL database credentials to logged-in users via the responses to certain HTTP POST requests. In order to be able to see the credentials in cleartext, an attacker needs to be authenticated.
EPSS
Процентиль: 89%
0.04526
Низкий
8.8 High
CVSS3
4 Medium
CVSS2
Дефекты
CWE-522