CVE-2017-20217

Sažetak

Serviio PRO 1.8 contains an information disclosure vulnerability due to improper access control enforcement in the Configuration REST API that allows unauthenticated attackers to access sensitive information. Remote attackers can send specially crafted requests to the REST API endpoints to retrieve potentially sensitive configuration data without authentication.

Reference

http://www.securitylab.ru/poc/486048.php
https://blogs.securiteam.com/index.php/archives/3094
https://cxsecurity.com/issue/WLB-2017050022
https://exchange.xforce.ibmcloud.com/vulnerabilities/125646
https://packetstormsecurity.com/files/142383
https://www.exploit-db.com/exploits/41958/
https://www.vulncheck.com/advisories/serviio-pro-rest-api-information-disclosure
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5404.php

CVSS

Base:	7.5
Impact:	3.6
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Zadnje važnije ažuriranje

16-03-2026 - 14:53

Objavljeno

16-03-2026 - 14:17