vendor:
OpenBMCS
by:
LiquidWorm
5.5
CVSS
MEDIUM
Information Disclosure
200
CWE
Product Name: OpenBMCS
Affected Version From: 2.4
Affected Version To: 2.4
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Linux Ubuntu, Linux Debian, Apache, nginx, PHP
2021
OpenBMCS 2.4 – Information Disclosure
The application allows directory listing and information disclosure of some sensitive files that can allow an attacker to leverage the disclosed information and gain full BMS access.
Mitigation:
Implement proper access controls and restrict directory listing. Ensure sensitive files are not accessible to unauthorized users.
