Vulnerability Details CVE-2019-11019
Lack of authentication in case-exporting components in DDRT Dashcom Live through 2019-05-08 allows anyone to remotely access all claim details by visiting easily guessable exportpdf/all_claim_detail.php?claim_id= URLs.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.1%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2019-11019
-
cpe:2.3:h:ddrt:dashcom_live:-
-
cpe:2.3:o:ddrt:dashcom_live_firmware:2019-05-08