Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 02/06/2020 Updated: 02/06/2020

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

An issue exists in Sysax Multi Server 6.90. A session can be hijacked if one observes the sid value in any /scgi URI, because it is an authentication token.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sysax multi server 6.90

Sysax-MultiServer-690-Multiple-Vulnerabilities In 2020, my research on Sysax Multiserver 690 led to the publication of the following CVEs: CVE-2020-13227, CVE-2020-13228, CVE-2020-13229 1) Insecure Permissions and Information Disclosure via error handling::: CVE-2020-13227 ::: Description:An attacker can determine the username (under which the web server is running) by trigge

CWE-384 https://github.com/wrongsid3/Sysax-MultiServer-6.90-Multiple-Vulnerabilities/blob/master/README.md https://github.com/wrongsid3 https://nvd.nist.gov https://github.com/wrongsid3/Sysax-MultiServer-6.90-Multiple-Vulnerabilities

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-13229

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect