Vulnerability Details CVE-2019-11020
Lack of authentication in file-viewing components in DDRT Dashcom Live 2019-05-09 allows anyone to remotely access all claim details by visiting easily guessable dashboard/uploads/claim_files/claim_id_ URLs.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.1%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
Products affected by CVE-2019-11020
-
cpe:2.3:h:ddrt:dashcom_live:-
-
cpe:2.3:o:ddrt:dashcom_live_firmware:2019-05-09