Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version 3.0 is affected by an information disclosure vulnerability in the parameter "Addr" in cmd site. The ability to send requests to other systems can allow the vulnerable server to filtrate the real IP of the web server or increase the attack surface.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/166069/Thinfinity-VirtualUI-2.5.26.2-Information-Disclosure.html | Third Party Advisory VDB Entry |
http://thinfinity.com | Vendor Advisory |
https://github.com/cybelesoft/virtualui/issues/3 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-02-09T13:10:00
Updated: 2022-02-21T17:06:24
Reserved: 2022-01-18T00:00:00
Link: CVE-2021-46354
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-02-09T14:15:07.793
Modified: 2022-03-01T16:17:19.150
Link: CVE-2021-46354
JSON object: View
Redhat Information
No data.
CWE