Vulnerabilities > CVE-2020-7959 - Information Exposure Through Discrepancy vulnerability in Labvantage 8.3

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

labvantage

CWE-203

exploit available

NVD

Published: 2020-02-17

Updated: 2021-07-21

Summary

LabVantage LIMS 8.3 does not properly maintain the confidentiality of database names. For example, the web application exposes the database name. An attacker might be able to enumerate database names by providing his own database name in a request, because the response will return an 'Unrecognized Database exception message if the database does not exist.

Vulnerable Configurations

Part	Description	Count
Application	Labvantage Labvantage Labvantage 8.3	1

Common Weakness Enumeration (CWE)

CWE-203 - Information Exposure Through Discrepancy

Exploit-Db

id	EDB-ID:48090

References

https://www.exploit-db.com/exploits/48090
https://github.com/websecnl/LabVantage8.3-Exploit