Cerberus Helpdesk before 4.0 (Build 600) allows remote attackers to obtain sensitive information via direct requests for controllers … that arent standard helpdesk pages, possibly involving the (1) /display and (2) /kb URIs.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Cerberus_helpdesk | Webgroupmedia | 0.97.3 | 0.97.3 |
Cerberus_helpdesk | Webgroupmedia | 2.6.1 | 2.6.1 |
Cerberus_helpdesk | Webgroupmedia | 2.0 | 2.0 |
Cerberus_helpdesk | Webgroupmedia | 3.2.1 | 3.2.1 |
Cerberus_helpdesk | Webgroupmedia | 2.3 | 2.3 |
Cerberus_helpdesk | Webgroupmedia | 3.2 | 3.2 |
Cerberus_helpdesk | Cerberus | 2.5 | 2.5 |
Cerberus_helpdesk | Webgroupmedia | 2.649 | 2.649 |
Cerberus_helpdesk | Webgroupmedia | * | 3.3 |
Cerberus_helpdesk | Webgroupmedia | 2.7 | 2.7 |
Cerberus_helpdesk | Webgroupmedia | 2.7.1 | 2.7.1 |
Cerberus_helpdesk | Webgroupmedia | 2.2 | 2.2 |
Cerberus_helpdesk | Webgroupmedia | 2.4 | 2.4 |
Cerberus_helpdesk | Webgroupmedia | 2.1 | 2.1 |