Summary
SysAid On-Premise is prone to an arbitrary file disclosure vulnerability.
Impact
An unauthenticated attacker may read arbitrary files which may contain sensitive information.
Solution
Upgrade to version 14.4.2 or above.
Insight
SysAid On-Premise is vulnerable to an unauthenticated file disclosure attack via the fileName parameter of getRdsLogFile.
Affected
SysAid On-Premise before 14.4.2.
Detection
Send a specially crafted HTTP GET request and check the response.
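As a defender-side illustration of this Detection section, here is an added example (not part of the advisory and not SysAid code) that scans web-server access logs for requests to getRdsLogFile whose fileName parameter points outside a log directory. The log lines are constructed, and the assumption that the endpoint is served directly under /getRdsLogFile is mine; adjust the path test to the deployment's actual URL layout.

```python
"""Flag access-log requests that abuse the getRdsLogFile fileName parameter."""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Combined/common log format: client, ident, user, [timestamp], "request", status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) \S+" (?P<status>\d{3})'
)
# A ".." path component with either slash style on either side.
TRAVERSAL = re.compile(r'(^|[\\/])\.\.([\\/]|$)')

def suspicious_filename(value: str) -> bool:
    """True when a (once-decoded) fileName value escapes a log directory.

    parse_qs already decoded the value once; decoding again catches
    double-encoded sequences such as %252e%252e.
    """
    decoded = unquote(value)
    if "\x00" in decoded:                      # null-byte truncation trick
        return True
    if TRAVERSAL.search(decoded):              # ../ or ..\ traversal
        return True
    if decoded.startswith(("/", "\\")):        # absolute POSIX path
        return True
    return re.match(r"^[A-Za-z]:[\\/]", decoded) is not None  # Windows drive path

def flag_line(line: str):
    """Return a finding dict for a suspicious getRdsLogFile request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("url"))
    if not parts.path.lower().endswith("/getrdslogfile"):   # assumed endpoint path
        return None
    for value in parse_qs(parts.query, keep_blank_values=True).get("fileName", []):
        if suspicious_filename(value):
            # A 200 here means the server most likely served the requested file.
            return {"ip": m.group("ip"), "status": int(m.group("status")), "fileName": value}
    return None

def scan(lines):
    return [hit for hit in map(flag_line, lines) if hit]

# Constructed sample log: one benign request, one traversal probe, one unrelated hit.
SAMPLE_LOG = [
    '203.0.113.7 - - [25/Mar/2015:10:00:01 +0000] "GET /getRdsLogFile?fileName=rds.log HTTP/1.1" 200 512',
    '203.0.113.9 - - [25/Mar/2015:10:00:05 +0000] "GET /getRdsLogFile?fileName=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1843',
    '203.0.113.9 - - [25/Mar/2015:10:00:06 +0000] "GET /index.jsp HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A single flagged request with status 200 is worth treating as a confirmed read on an unpatched host; on a patched host the same request should be refused.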
References
Updated on 2015-03-25
Severity
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Classification
CVE: CVE-2014-9436