A potential security vulnerability in the Intel® Raid Web Server 3 may allow information disclosure. Intel is releasing software updates to mitigate this potential vulnerability.
CVEID: CVE-2018-12161
Description: Insufficient session validation in the webserver component of the Intel® Rapid Web Server 3 may allow an unauthenticated user to potentially disclose information via network access.
CVSS Base Score: 5.3 Medium
CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Intel® RAID Web Console for Windows* version 3 and before.
Intel recommends that users of Intel® RAID Web Console for Windows* update to version 4.186 or later.
Updates are available for download at this location: <https://downloadcenter.intel.com/download/28183/Intel-RAID-Web-Console-3-for-Windows->
Intel would like to thank Trotmaster for reporting this issue and working with us on coordinated disclosure.