CVE-2015-7902

2015-10-2810:59:22

CWE-200

icscert

web.nvd.nist.gov

cve-2015-7902

infinite automation

mango automation

remote attack

sensitive information

security vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.4

Confidence

Low

EPSS

0.003

Percentile

69.9%

JSON

Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 provides different error messages for failed login attempts in unspecified circumstances, which allows remote attackers to obtain sensitive information via a series of requests.

Affected configurations

Nvd

Node

infinite_automation_systemsmango_automationMatch2.5.0

infinite_automation_systemsmango_automationMatch2.5.5

infinite_automation_systemsmango_automationMatch2.6.0

VendorProductVersionCPE
infinite_automation_systemsmango_automation2.5.0cpe:2.3:a:infinite_automation_systems:mango_automation:2.5.0:*:*:*:*:*:*:*
infinite_automation_systemsmango_automation2.5.5cpe:2.3:a:infinite_automation_systems:mango_automation:2.5.5:*:*:*:*:*:*:*
infinite_automation_systemsmango_automation2.6.0cpe:2.3:a:infinite_automation_systems:mango_automation:2.6.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
infinite_automation_systems	mango_automation	2.5.0	cpe:2.3:a:infinite_automation_systems:mango_automation:2.5.0:::::::*
infinite_automation_systems	mango_automation	2.5.5	cpe:2.3:a:infinite_automation_systems:mango_automation:2.5.5:::::::*
infinite_automation_systems	mango_automation	2.6.0	cpe:2.3:a:infinite_automation_systems:mango_automation:2.6.0:::::::*