Al-enterprise - Omnivista 4760 CVE

Filtered by vendor Al-enterprise Subscribe

Filtered by product Omnivista 4760

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2019-20047	1 Al-enterprise	2 Omnivista 4760, Omnivista 8770	2020-01-07	5.0 MEDIUM	7.5 HIGH
An issue was discovered on Alcatel-Lucent OmniVista 4760 devices, and 8770 devices before 4.1.2. An incorrect web server configuration allows a remote unauthenticated attacker to retrieve the content of its own session files. Every session file contains the administrative LDAP credentials encoded in a reversible format. Sessions are stored in /sessions/sess_<sessionid>.

Vulnerabilities (CVE)