#VU18649 Information disclosure in CBAS Web - CVE-2019-10849

 


Published: May 31, 2019 / Updated: June 17, 2021


Vulnerability identifier: #VU18649
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2019-10849
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vulnerable software: CBAS Web
Software vendor: Computrols

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to an unprotected Subversion directory. A remote attacker can download the entire firmware codebase and gain unauthorized access to sensitive information about the inner workings of the underlying OS.
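As an added example (not part of the advisory and not vendor code), the following pre-deployment check walks a web document root and reports version-control metadata directories that would be served along with the application if nothing blocks them. The `.git` and `.hg` entries generalize beyond the Subversion case described here; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

# Metadata directory names left behind by version-control working copies.
# ".svn" is the case in this advisory; ".git" and ".hg" are added generalizations.
VCS_DIRS = {".svn": "Subversion", ".git": "Git", ".hg": "Mercurial"}


def find_vcs_metadata(docroot):
    """Return sorted (relative_path, vcs_name, file_count) tuples, one per
    version-control metadata directory found under docroot."""
    findings = []
    for current, dirs, _files in os.walk(docroot):
        for name in list(dirs):
            if name in VCS_DIRS:
                meta = os.path.join(current, name)
                # Count every file stored inside the metadata directory.
                count = sum(len(files) for _, _, files in os.walk(meta))
                findings.append(
                    (os.path.relpath(meta, docroot), VCS_DIRS[name], count))
                dirs.remove(name)  # do not descend into the metadata itself
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample: a web root published straight from an svn checkout.
    Older working copies keep a .svn directory in every subdirectory."""
    for rel in ("index.php", ".svn/wc.db", ".svn/entries",
                ".svn/pristine/ab/abcdef.svn-base",
                "js/app.js", "js/.svn/entries"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for rel, vcs, count in find_vcs_metadata(root):
            print(f"{vcs} metadata inside web root: {rel} ({count} files)")
```

Run against the directory that is about to be published; an empty result means no working-copy metadata is being shipped with the site.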


Remediation

Install updates from the vendor's website.

External links