CVE-2017-15937

Published: Oct 27, 2017Modified: May 13, 2026

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Artica Pandora FMS version 7.0 leaks a full installation pathname via GET data when intercepting the main page's graph requisition. This also implies that general OS information is leaked (e.g., a /var/www pathname typically means Linux or UNIX).

Affected (1)

Products: Artica: Pandora Fms

Artica

1 product

Pandora Fms

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Artica Pandora Fms	Version 7.0

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://medium.com/stolabs/security-issue-on-pandora-fms-enterprise-be630059a72d

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://medium.com/stolabs/security-issue-on-pandora-fms-enterprise-be630059a72d

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

Timeline

No history available yet.