Описание
An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows an NTLMv2 hash leak via a UNC share pathname in the path parameter.
Ссылки
- Product
- Product
- Product
- Product
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:a:virtosoftware:sharepoint_bulk_file_download:5.5.44:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*
EPSS
Процентиль: 48%
0.00252
Низкий
5.3 Medium
CVSS3
7.5 High
CVSS3
Дефекты
CWE-22
CWE-200
Связанные уязвимости
CVSS3: 5.3
github
больше 1 года назад
An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows an NTLMv2 hash leak via a UNC share pathname in the path parameter.
EPSS
Процентиль: 48%
0.00252
Низкий
5.3 Medium
CVSS3
7.5 High
CVSS3
Дефекты
CWE-22
CWE-200