CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-11741

NEC Univerge Sv9100 WebPro 6.00.00 devices have Predictable Session IDs that result in Account Information Disclosure via Home.htm?sessionId=#####&GOTO(8) URIs.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.593

EPSS Ranking 98.1%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 5.0

References

http://hyp3rlinx.altervista.org/advisories/NEC-UNIVERGE-WEBPRO-v6.00-PREDICTABLE-SESSIONID-CLEARTEXT-PASSWORDS.txt
http://packetstormsecurity.com/files/150610/NEC-Univerge-Sv9100-WebPro-6.00.00-Predictable-Session-ID-Cleartext-Passwords.html
http://seclists.org/fulldisclosure/2018/Dec/1
https://www.exploit-db.com/exploits/45942/
http://hyp3rlinx.altervista.org/advisories/NEC-UNIVERGE-WEBPRO-v6.00-PREDICTABLE-SESSIONID-CLEARTEXT-PASSWORDS.txt
http://packetstormsecurity.com/files/150610/NEC-Univerge-Sv9100-WebPro-6.00.00-Predictable-Session-ID-Cleartext-Passwords.html
http://seclists.org/fulldisclosure/2018/Dec/1
https://www.exploit-db.com/exploits/45942/

Products affected by CVE-2018-11741

Nec » Univerge Sv9100 Webpro » Version: N/A

cpe:2.3:h:nec:univerge_sv9100_webpro:-
Nec » Univerge Sv9100 Webpro Firmware » Version: 6.00.00

cpe:2.3:o:nec:univerge_sv9100_webpro_firmware:6.00.00

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-11741

Products

Pricing

Contact Us