Summary
SysAid On-Premise is prone to an arbitrary file disclosure vulnerability.
Impact
An unauthenticated attacker may read arbitrary files which may contain sensitive information.
Solution
Upgrade to version 14.4.2 or above.
Insight
SysAid On-Premise is vulnerable to an unauthenticated file disclosure attack in the fileName parameter of getRdsLogFile.
Affected
SysAid On-Premise before 14.4.2.
Detection
Send a specially crafted HTTP GET request and check the response.
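Requests to the affected endpoint can also be reviewed after the fact in web-server access logs. The following is an added example, not part of the original advisory or of any SysAid or scanner code. It assumes combined-format access logs; the sample lines, the URL prefix and the rule that a `fileName` value other than a bare file name is suspicious are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines; addresses, URL prefix and file names are made up.
SAMPLE_LOG = """\
198.51.100.7 - - [25/Mar/2015:10:01:02 +0000] "GET /sysaid/Login.jsp HTTP/1.1" 200 5120
198.51.100.7 - - [25/Mar/2015:10:01:05 +0000] "GET /sysaid/getRdsLogFile?fileName=rds.log HTTP/1.1" 200 812
203.0.113.9 - - [25/Mar/2015:10:02:11 +0000] "GET /sysaid/getRdsLogFile?fileName=%2Fplaceholder%2Fdir%2Ffile.txt HTTP/1.1" 200 2048
203.0.113.9 - - [25/Mar/2015:10:02:15 +0000] "GET /sysaid/getRdsLogFile?fileName=sub%255Cfile.txt HTTP/1.1" 404 0
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"GET (\S+) HTTP/[\d.]+" (\d{3}) ')

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded separators are visible."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_rds_log_requests(log_text):
    """Return one finding per fileName value sent to getRdsLogFile."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.rstrip("/").endswith("getRdsLogFile"):
            continue
        for raw in parse_qs(url.query, keep_blank_values=True).get("fileName", []):
            name = fully_decode(raw)  # parse_qs has already decoded once
            # Assumption: a legitimate value is a bare file name, so any path
            # separator, drive colon or NUL byte marks the request for review.
            suspicious = any(c in name for c in "/\\:\x00")
            findings.append({"client": client, "status": int(status),
                             "file_name": name, "suspicious": suspicious})
    return findings

if __name__ == "__main__":
    for f in find_rds_log_requests(SAMPLE_LOG):
        print(f)
```

A suspicious value answered with status 200 on a version before 14.4.2 is the case to investigate first.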
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2014-9436
- CVSS Base Score: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N