Vulnerabilities > Logonbox

DATE	CVE	VULNERABILITY TITLE	RISK
2019-03-21	CVE-2019-6716	Authorization Bypass Through User-Controlled Key vulnerability in Logonbox Nervepoint Access Manager 1.2/1.3/1.4 An unauthenticated Insecure Direct Object Reference (IDOR) in Wicket Core in LogonBox Nervepoint Access Manager 2013 through 2017 allows a remote attacker to enumerate internal Active Directory usernames and group names, and alter back-end server jobs (backup and synchronization jobs), which could allow for the possibility of a Denial of Service attack via a modified jobId parameter in a runJob.html GET request. network low complexity logonbox CWE-639	7.5

Vulnerabilities > Logonbox {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Logonbox"}]}