CVE-2019-12163

Опубликовано: 17 мая 2019

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

GAT-Ship Web Module through 1.30 allows remote attackers to obtain potentially sensitive information via {} in a ws/gatshipWs.asmx/SqlVersion request.

Ссылки

http://packetstormsecurity.com/files/152964/GAT-Ship-Web-Module-1.30-Information-Disclosure.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2019/May/32
Exploit
Mailing List
Third Party Advisory
https://seclists.org/fulldisclosure/2019/May/29
Exploit
Mailing List
Third Party Advisory
http://packetstormsecurity.com/files/152964/GAT-Ship-Web-Module-1.30-Information-Disclosure.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2019/May/32
Exploit
Mailing List
Third Party Advisory
https://seclists.org/fulldisclosure/2019/May/29
Exploit
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gatship:web_module:*:*:*:*:*:*:*:*

Версия до 1.30 (включая)

EPSS

Процентиль: 78%

0.01156

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-8978-46xc-cxvr