CVE-2019-16116
Description
EnterpriseDT CompleteFTP Server prior to version 12.1.3 is vulnerable to information exposure in the Bootstrap.log file. This allows an attacker to obtain the administrator password hash.
References
Release Notes, Vendor Advisory
Exploit, Third Party Advisory
CvssV3 impact
Version | 3.1 |
VectorString | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
AttackVector | NETWORK |
AttackComplexity | LOW |
PrivilegesRequired | LOW |
UserInteraction | NONE |
Scope | UNCHANGED |
ConfidentialityImpact | LOW |
IntegrityImpact | NONE |
AvailabilityImpact | NONE |
BaseScore | 4.3 |
BaseSeverity | MEDIUM |
CvssV2 impact
Version | 2.0 |
VectorString | AV:N/AC:M/Au:S/C:P/I:N/A:N |
AccessVector | NETWORK |
AccessComplexity | MEDIUM |
Authentication | SINGLE |
ConfidentialityImpact | PARTIAL |
IntegrityImpact | NONE |
AvailabilityImpact | NONE |
BaseScore | 3.5 |