CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2016-2296

Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited does not require authentication for "post-admin" login pages, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.746

EPSS Ranking 98.8%

CVSS Severity

CVSS v3 Score 9.4

CVSS v2 Score 7.5

References

http://seclists.org/fulldisclosure/2016/May/52
https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01
https://www.exploit-db.com/exploits/39822/
http://seclists.org/fulldisclosure/2016/May/52
https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01
https://www.exploit-db.com/exploits/39822/

Products affected by CVE-2016-2296

Meteocontrol » Web'log Basic 100 » Version: N/A

cpe:2.3:a:meteocontrol:web'log_basic_100:-
Meteocontrol » Web'log Light » Version: N/A

cpe:2.3:a:meteocontrol:web'log_light:-
Meteocontrol » Web'log Pro » Version: N/A

cpe:2.3:a:meteocontrol:web'log_pro:-
Meteocontrol » Web'log Pro Unlimited » Version: N/A

cpe:2.3:a:meteocontrol:web'log_pro_unlimited:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-2296

Products

Pricing

Contact Us