Lucene search

MitreCVE-2020-7959

HistoryFeb 17, 2020 - 9:15 p.m.

CVE-2020-7959

2020-02-1721:15:13

CWE-203

mitre

web.nvd.nist.gov

cve-2020-7959

labvantage lims 8.3

database confidentiality

enumeration

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.1

Confidence

High

EPSS

0.036

Percentile

91.7%

JSON

LabVantage LIMS 8.3 does not properly maintain the confidentiality of database names. For example, the web application exposes the database name. An attacker might be able to enumerate database names by providing his own database name in a request, because the response will return an 'Unrecognized Database exception message if the database does not exist.

Affected configurations

Nvd

Node

labvantagelabvantageMatch8.3

VendorProductVersionCPE
labvantagelabvantage8.3cpe:2.3:a:labvantage:labvantage:8.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
labvantage	labvantage	8.3	cpe:2.3:a:labvantage:labvantage:8.3:::::::*

References

github.com/websecnl/LabVantage8.3-Exploit

www.exploit-db.com/exploits/48090

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.1

Confidence

High

EPSS

0.036

Percentile

91.7%

JSON

Related for CVE-2020-7959