Описание
Advent/SSC Inc. Tamale RMS < 23.1 is vulnerable to Directory Traversal. If one traverses to the affected URL, one enumerates Contact information on the host which contains usernames, e-mail addresses, and other internal information stored within the web app.
Ссылки
- Third Party Advisory
- Third Party Advisory
- Product
- Third Party Advisory
- Third Party Advisory
- Product
Уязвимые конфигурации
Конфигурация 1Версия до 23.1 (исключая)
cpe:2.3:a:advent:tamale_rms:*:*:*:*:*:*:*:*
EPSS
Процентиль: 44%
0.00213
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-22
CWE-22
Связанные уязвимости
CVSS3: 5.3
github
больше 2 лет назад
Advent/SSC Inc. Tamale RMS < 23.1 is vulnerable to Directory Traversal. The configuration backup file, which contains username hashes, cleartext passwords, and API keys, can be downloaded. This could allow a malicious actor to crack the passwords offline and/or utilize the API keys to control the remote application.
EPSS
Процентиль: 44%
0.00213
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-22
CWE-22