ClipSoft REXPERT 1.0.0.527 and earlier version have an information disclosure issue. When requesting web page associated with session, could leak username via session file path of HTTP response data. No authentication is required.
References
Link | Resource |
---|---|
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35184 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: krcert
Published: 2019-10-30T20:42:57
Updated: 2019-10-30T20:42:57
Reserved: 2019-10-07T00:00:00
Link: CVE-2019-17321
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-10-30T21:15:11.833
Modified: 2019-11-01T19:45:08.200
Link: CVE-2019-17321
JSON object: View
Redhat Information
No data.
CWE