An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. An unauthenticated user can access /osm/REGISTER.cmd (aka /osm_tiles/REGISTER.cmd) directly: it contains sensitive information about the database through the SQL queries within this batch file. This file exposes SQL database information such as database version, table name, column name, etc.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/154838/Kirona-DRS-5.5.3.5-Information-Disclosure.html | Exploit Third Party Advisory VDB Entry |
https://github.com/Ramikan/Vulnerabilities/blob/master/Kirona-DRS%205.5.3.5%20Multiple%20Vulnerabilities | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-10-11T16:21:11
Updated: 2019-10-14T16:06:06
Reserved: 2019-10-11T00:00:00
Link: CVE-2019-17503
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-10-11T17:15:09.977
Modified: 2021-07-21T11:39:23.747
Link: CVE-2019-17503
JSON object: View
Redhat Information
No data.
CWE