Akkadian Provisioning Manager 4.50.02 - Sensitive Information Disclosure
ID: CVE-2020-27361
Severity: high
Author: gy741
Tags: cve,cve2020,akkadian,listing,exposure,akkadianlabs
Description
Section titled “Description”Akkadian Provisioning Manager 4.50.02 could allow viewing of sensitive information within the /pme subdirectories.
YAML Source
Section titled “YAML Source”id: CVE-2020-27361
info: name: Akkadian Provisioning Manager 4.50.02 - Sensitive Information Disclosure author: gy741 severity: high description: Akkadian Provisioning Manager 4.50.02 could allow viewing of sensitive information within the /pme subdirectories. impact: | An attacker can exploit this vulnerability to gain access to sensitive information, potentially leading to further attacks. remediation: | Apply the latest patch or upgrade to a newer version of Akkadian Provisioning Manager to fix the vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2020-27191 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2020-27361 cwe-id: CWE-668 epss-score: 0.0314 epss-percentile: 0.90098 cpe: cpe:2.3:a:akkadianlabs:akkadian_provisioning_manager:4.50.02:*:*:*:*:*:*:* metadata: max-request: 1 vendor: akkadianlabs product: akkadian_provisioning_manager tags: cve,cve2020,akkadian,listing,exposure,akkadianlabs
http: - method: GET path: - "{{BaseURL}}/pme/media/"
matchers-condition: and matchers: - type: word words: - "Index of /pme/media" - "Parent Directory" condition: and
- type: status status: - 200# digest: 490a004630440220614836a34fe5e79eb17beff1ad9d97d5697665743e9b8de00f22bbfeca3077f102206fd5ff6fd96019fa90f2e7341a15e77ef99c94958d0f3bbc6d9b62db5247fc81:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2020/CVE-2020-27361.yaml"