Описание
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Several full path disclosure vulnerability were discovered. A user, even with no authentication, may simply send arbitrary content to the vulnerable pages to generate error messages that expose some full paths.
Ссылки
- Product
- ProductVendor Advisory
- ExploitThird Party Advisory
- Product
- ProductVendor Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 4.15.0 (включая) до 4.29.0 (включая)
cpe:2.3:a:seling:visual_access_manager:*:*:*:*:*:*:*:*
EPSS
Процентиль: 54%
0.0031
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-209
Связанные уязвимости
github
больше 3 лет назад
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Several full path disclosure vulnerability were discovered. A user, even with no authentication, may simply send arbitrary content to the vulnerable pages to generate error messages that expose some full paths.
EPSS
Процентиль: 54%
0.0031
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-209