exploitDog

CVE-2018-17287

Опубликовано: 18 апр. 2019

Источник: nvd

CVSS3: 4.9

CVSS2: 4

EPSS Низкий

Описание

In Kofax Front Office Server Administration Console 4.1.1.11.0.5212, some fields, such as passwords, are obfuscated in the front-end, but the cleartext value can be exfiltrated by using the back-end "download" feature, as demonstrated by an mfp.password downloadsettingvalue operation.

Ссылки

https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2018-17287-Information%20Disclosure-Kofax
Exploit
Third Party Advisory
https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2018-17287-Information%20Disclosure-Kofax
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:kofax:front_office_server:4.1.1.11.0.5212:*:*:*:*:*:*:*

EPSS

Процентиль: 22%

0.0007

Низкий

4.9 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-311

Связанные уязвимости

GHSA-pjpc-vgm9-wp5g

CVSS3: 4.9

github

больше 3 лет назад

In Kofax Front Office Server Administration Console 4.1.1.11.0.5212, some fields, such as passwords, are obfuscated in the front-end, but the cleartext value can be exfiltrated by using the back-end "download" feature, as demonstrated by an mfp.password downloadsettingvalue operation.

EPSS

Процентиль: 22%

0.0007

Низкий

4.9 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-311