CVE-2008-3503

Sažetak

RSSFromParent in Plain Black WebGUI before 7.5.13 does not restrict view access to Collaboration System (CS) RSS feeds, which allows remote attackers to obtain sensitive information (CS data).

Reference

http://secunia.com/advisories/30782
http://www.securityfocus.com/bid/29927
http://www.vupen.com/english/advisories/2008/1932/references
http://www.webgui.org/bugs/tracker/security-issue---collaboration-rss/
http://www.webgui.org/getwebgui/advisories/webgui-7_5_13-beta-released
https://exchange.xforce.ibmcloud.com/vulnerabilities/43344

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

08-08-2017 - 01:31

Objavljeno

06-08-2008 - 18:41