Over 10 years we help companies reach their financial and branding goals. Engitech is a values-driven technology agency dedicated.

Gallery

Contacts

411 University St, Seattle, USA

engitech@oceanthemes.net

+1 -800-456-478-23

Twitter Facebook-f Pinterest-p Instagram

Online Weather – Information disclosure in cookie

DATE

26.02.2020

Affected Vendor

IBL

Affected Product

Online Weather – Online Weather is an application developed for the automatic publishing of meteorological information online – https://www.iblsoft.com/products/onlineweather

Vulnerable version

4.3.5

Fixed version

4.3.5a

CVSS

3.1 Low CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Recommendations

Update to Online Weather version 4.3.5a 

Vulnerability details

The IWEBSERVICE_JSONRPC_COOKIE contains potentially sensitive information encoded in base64.

CVE

CVE-2020-9407

Credits

Dawid Czarnecki

References

https://nvd.nist.gov/vuln/detail/CVE-2020-9407

Do you think the security of your data might be lacking? Let's find the best approach together.
Once you contact us, we will ask you about the project you want to secure.

NEED A CONSULTATION?

Contact Us