Vulnerability CVE-2014-10079


Published: 2019-02-23

Description:
In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the "ipaddress" hidden form value of the HTML source code, which is disclosed because of incorrect processing of an index.php/ trailing slash.

See advisories in our WLB2 database:
Topic
Author
Date
Low
Vembu Storegrid Web Interface 4.4.0 Cross Site Scripting / Information Disclosure
Gionathan Reale
16.03.2019

Type:

CWE-200

(Information Exposure)

Vendor: Vembu
Product: Storegrid 
Version: 4.4;

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

 References:
https://cxsecurity.com/issue/WLB-2018120091
https://packetstormsecurity.com/files/127786/Vembu-Backup-Disaster-Recovery-6.1-Follow-Up.html
https://seclists.org/fulldisclosure/2014/Aug/8
https://www.exploit-db.com/exploits/46549/

Copyright 2019, cxsecurity.com

 

Back to Top