CVE-2017-7589

OpenIDM prior to 4.5.0 (4.0.0–pre-4.5.0) exposes an info endpoint vulnerability: an anonymous user can trigger information disclosure via the info/login.js path due to a missing access-control check. Reports indicate responses may be 200 OK containing JSON with IP addresses, indicating partial co...