CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-16609

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within download.jsp. The issue results from the lack of proper validation of a user-supplied string before using it to download a file. An attacker can leverage this vulnerability to expose sensitive information. Was ZDI-CAN-4750.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.047

EPSS Ranking 88.9%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

https://www.tenable.com/security/research/tra-2018-02
https://zerodayinitiative.com/advisories/ZDI-17-951
https://www.tenable.com/security/research/tra-2018-02
https://zerodayinitiative.com/advisories/ZDI-17-951

Products affected by CVE-2017-16609

Netgain-Systems » Enterprise Manager » Version: 7.2.699

cpe:2.3:a:netgain-systems:enterprise_manager:7.2.699
Netgain-Systems » Enterprise Manager » Version: 7.2.730

cpe:2.3:a:netgain-systems:enterprise_manager:7.2.730

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-16609

Products

Pricing

Contact Us