Vulnerability Details CVE-2017-15937
Artica Pandora FMS version 7.0 leaks a full installation pathname via GET data when intercepting the main page's graph requisition. This also implies that general OS information is leaked (e.g., a /var/www pathname typically means Linux or UNIX).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.5%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
Products affected by CVE-2017-15937
-
cpe:2.3:a:artica:pandora_fms:7.0