CVE-2017-16609

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within download.jsp. The issue results from the lack of proper validation of a user-supplied string before using it to download a file. An attacker can leverage this vulnerability to expose sensitive information. Was ZDI-CAN-4750.

Published: Jan 23, 2018
Updated: Apr 13, 2023
CVE: CVE-2017-16609
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
netgain-systems / enterprise_manager	-	7.2.766

https://www.tenable.com/security/research/tra-2018-02
https://zerodayinitiative.com/advisories/ZDI-17-951

Vulnerability Database

289,599

CVE-2017-16609