iE Integrator 4.4.220114, when configured without a "bespoke error page" in acm.ini, allows remote malicious users to obtain sensitive information via a URL that calls a non-existent .aspx script in the integrator/apps directory, which results in an error message that displays the installation path, web server name, IP, and port, session cookie information, and the IIS system username.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ie ie integrator 4.4.220114 |