CVE-2019-17321

Published: Oct 30, 2019Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

ClipSoft REXPERT 1.0.0.527 and earlier version have an information disclosure issue. When requesting web page associated with session, could leak username via session file path of HTTP response data. No authentication is required.

Affected (1)

Products: Clipsoft: Rexpert

Clipsoft

1 product

Rexpert

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Clipsoft Rexpert	Up to 1.0.0.527

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35184

Source: vuln@krcert.or.kr

Third Party Advisory

https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35184

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.