Cerberus Helpdesk before 4.0 (Build 600) allows remote attackers to obtain sensitive information via direct requests for controllers … that arent standard helpdesk pages, possibly involving the (1) /display and (2) /kb URIs.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Cerberus_helpdesk | Cerberus | 2.5 (including) | 2.5 (including) |
| Cerberus_helpdesk | Webgroupmedia | * | 3.3 (including) |
| Cerberus_helpdesk | Webgroupmedia | 0.97.3 (including) | 0.97.3 (including) |
| Cerberus_helpdesk | Webgroupmedia | 2.0 (including) | 2.0 (including) |
| Cerberus_helpdesk | Webgroupmedia | 2.1 (including) | 2.1 (including) |
| Cerberus_helpdesk | Webgroupmedia | 2.2 (including) | 2.2 (including) |
| Cerberus_helpdesk | Webgroupmedia | 2.3 (including) | 2.3 (including) |
| Cerberus_helpdesk | Webgroupmedia | 2.4 (including) | 2.4 (including) |
| Cerberus_helpdesk | Webgroupmedia | 2.6.1 (including) | 2.6.1 (including) |
| Cerberus_helpdesk | Webgroupmedia | 2.7 (including) | 2.7 (including) |
| Cerberus_helpdesk | Webgroupmedia | 2.7.1-development_release (including) | 2.7.1-development_release (including) |
| Cerberus_helpdesk | Webgroupmedia | 2.649 (including) | 2.649 (including) |
| Cerberus_helpdesk | Webgroupmedia | 3.2 (including) | 3.2 (including) |
| Cerberus_helpdesk | Webgroupmedia | 3.2.1 (including) | 3.2.1 (including) |