Lucene search

[email protected]CVE-2008-5678

HistoryDec 19, 2008 - 1:52 a.m.

CVE-2008-5678

2008-12-1901:52:58

CWE-20

[email protected]

web.nvd.nist.gov

fdi

olib7

webview

infile parameter

sensitive information

file disclosure

security vulnerability

cve-2008-5678

nvd

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

5.9 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

66.2%

JSON

Fretwell-Downing Informatics (FDI) OLIB7 WebView 2.5.1.1 allows remote authenticated users to obtain sensitive information from files via the infile parameter to the default URI under cgi/, as demonstrated by the (1) get_settings.ini, (2) setup.ini, and (3) text.ini files.

Affected configurations

NVD

Node

fdgroupolib7_webviewMatch2.5.1.1

CPENameOperatorVersion
fdgroup:olib7_webviewfdgroup olib7 webvieweq2.5.1.1

CPE	Name	Operator	Version
fdgroup:olib7_webview	fdgroup olib7 webview	eq	2.5.1.1

References

securityreason.com/securityalert/4790

www.securityfocus.com/bid/31544

exchange.xforce.ibmcloud.com/vulnerabilities/45638

www.exploit-db.com/exploits/6653

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

5.9 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

66.2%

JSON

Related for CVE-2008-5678

nvd1 cvelist1 prion1