← Back

CVE-2011-1103

nvd nist
Published: Feb 25, 2011Modified: Apr 29, 2026

JSON object

Loading...
5.0
Vector
AV:N/AC:L/Au:N/C:P/I:N/A:N
Exploitability: 10.0 / Impact: 2.9
Source: NVD

Description

The WebReporting module in F-Secure Policy Manager 7.x, 8.00 before hotfix 2, 8.1x before hotfix 3 on Windows and hotfix 2 on Linux, and 9.00 before hotfix 4 on Windows and hotfix 2 on Linux, allows remote attackers to obtain sensitive information via a request to an invalid report, which reveals the installation path in an error message, as demonstrated with requests to (1) report/infection-table.html or (2) report/productsummary-table.html.

Affected (10)

F Secure
1 product
Policy Manager
Configuration A
7 vulnerable
Vulnerable SoftwareAffected Versions
F Secure
Policy Manager
Version 7.00
Policy Manager
Version 8.00 hotfix1
Policy Manager
Version 8.1x hotfix1
Policy Manager
Version 8.1x hotfix2
Policy Manager
Version 9.00 hotfix1
Policy Manager
Version 9.00 hotfix2
Policy Manager
Version 9.00 hotfix3
Configuration B
3 vulnerable
Vulnerable SoftwareAffected Versions
F Secure
Policy Manager
Version 8.00 hotfix1
Policy Manager
Version 8.1x hotfix1
Policy Manager
Version 9.00 hotfix1

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (10)

Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.