3 matches found
CVE-2020-7959
LabVantage LIMS 8.3 does not properly maintain the confidentiality of database names. For example, the web application exposes the database name. An attacker might be able to enumerate database names by providing his own database name in a request, because the response will return an 'Unrecognize...
CVE-2020-7959
LabVantage LIMS 8.3 does not properly maintain the confidentiality of database names. For example, the web application exposes the database name. An attacker might be able to enumerate database names by providing his own database name in a request, because the response will return an 'Unrecognize...
CVE-2020-7959
LabVantage LIMS 8.3 contains an information-disclosure vulnerability where the web app can reveal database names. An attacker can enumerate databases by sending a crafted request and receiving an Unrecognized Database exception when the database does not exist. Public exploits exist (e.g., Exploi...