CVE-2002-0583

2002-06-1104:00:00

mitre

www.cve.org

6.5 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.0%

JSON

WorkforceROI Xpede 4.1 uses a small random namespace (5 alphanumeric characters) for temporary expense claim reports in the /reports/temp directory, which allows remote attackers to read the reports via a brute force attack.

References

archives.neohapsis.com/archives/bugtraq/2002-04/0273.html

www.iss.net/security_center/static/8905.php

www.securityfocus.com/bid/4554