Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2019-20047

Published: 27/12/2019 Updated: 07/01/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Omnivista 4760

Vulnerability Summary

An issue exists on Alcatel-Lucent OmniVista 4760 devices, and 8770 devices prior to 4.1.2. An incorrect web server configuration allows a remote unauthenticated malicious user to retrieve the content of its own session files. Every session file contains the administrative LDAP credentials encoded in a reversible format. Sessions are stored in /sessions/sess_<sessionid>.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

al-enterprise omnivista 4760

al-enterprise omnivista 8770

References

CWE-522https://git.lsd.cat/g/omnivista-rcehttps://packetstormsecurity.com/files/155595/Alcatel-Lucent-Omnivista-8770-Remote-Code-Execution.htmlhttps://www.exploit-db.com/exploits/47761https://www.al-enterprise.com/en/-/media/assets/internet/documents/sa-c0065-ov8770-rce-vulnerability-en.pdfhttps://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693CVE-2024-30851CVE-2024-34460CVE-2024-2887localCVE-2024-27956remote code executionCVE-2024-34475privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook