Exposure of Information Through Directory Listing

CVE-2017-6045

High

7.5/10

Summary

An Information Exposure issue was discovered in Trihedral VTScada Versions prior to 11.2.26. Some files are exposed within the web server application to unauthenticated users. These files may contain sensitive configuration information.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-548 - Exposure of Information Through Directory Listing

A directory listing is inappropriately exposed, yielding potentially sensitive information to attackers.

References

Advisory Timeline

Published Jun 21, 2017

Exposure of Information Through Directory Listing

CVE-2017-6045

Summary

CWE-548 - Exposure of Information Through Directory Listing

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS