Vulnerabilities > EIC > Biyan > 2.8

DATE	CVE	VULNERABILITY TITLE	RISK
2019-06-19	CVE-2019-11232	Improper Authentication vulnerability in EIC Biyan 1.57/2.8 EXCELLENT INFOTEK BiYan v1.57 ~ v2.8 allows an attacker to leak user information (Password) without being authenticated, by sending an EMP_NO element to the kws_login/asp/query_user.asp URI, and then reading the PWD element. network low complexity eic CWE-287	5.0

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.