Vulnerabilities > CVE-2019-10849 - Missing Authorization vulnerability in Computrols Building Automation Software

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
computrols
CWE-862
exploit available
NVD
Published: 2019-05-23
Updated: 2020-08-24

Summary

Computrols CBAS 18.0.0 allows unprotected Subversion (SVN) directory / source code disclosure.

Vulnerable Configurations

Part Description Count
Application
Computrols
1

Common Weakness Enumeration (CWE)

Exploit-Db

idEDB-ID:47629
last seen2019-11-13
modified2019-11-12
published2019-11-12
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/47629
titleCBAS-Web 19.0.0 - Information Disclosure

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/155248/ar-2019-009-2.txt
idPACKETSTORM:155248
last seen2019-11-14
published2019-11-12
reporterLiquidWorm
sourcehttps://packetstormsecurity.com/files/155248/Computrols-CBAS-Web-19.0.0-Information-Disclosure.html
titleComputrols CBAS-Web 19.0.0 Information Disclosure

References