RSS   Vulnerabilities for 'M3 atm monitoring system'   RSS

2020-12-10
 
CVE-2020-29667

CWE-613
 

 
In Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration.

 
 
CVE-2020-29666

NVD-CWE-Other
 

 
In Lan ATMService M3 ATM Monitoring System 6.1.0, due to a directory-listing vulnerability, a remote attacker can view log files, located in /websocket/logs/, that contain a user's cookie values and the predefined developer's cookie value.

 


Copyright 2024, cxsecurity.com

 

Back to Top