Published: 02/06/2020 Updated: 02/06/2020

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

An issue exists in Sysax Multi Server 6.90. An attacker can determine the username (under which the web server is running) by triggering an invalid path permission error. This bypasses the fakepath protection mechanism.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sysax multi server 6.90

Sysax-MultiServer-690-Multiple-Vulnerabilities In 2020, my research on Sysax Multiserver 690 led to the publication of the following CVEs: CVE-2020-13227, CVE-2020-13228, CVE-2020-13229 1) Insecure Permissions and Information Disclosure via error handling::: CVE-2020-13227 ::: Description:An attacker can determine the username (under which the web server is running) by trigge

CWE-22 https://github.com/wrongsid3/Sysax-MultiServer-6.90-Multiple-Vulnerabilities/blob/master/README.md https://pasteboard.co/J9eF12G.png https://github.com/wrongsid3 https://nvd.nist.gov https://github.com/wrongsid3/Sysax-MultiServer-6.90-Multiple-Vulnerabilities

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-13227

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect