Online Weather - Information disclosure in cookie | Web Application Security Testing

DATE

26.02.2020

Affected Vendor

IBL

Affected Product

Online Weather – Online Weather is an application developed for the automatic publishing of meteorological information online – https://www.iblsoft.com/products/onlineweather

Vulnerable version

4.3.5

Fixed version

4.3.5a

CVSS

3.1 Low CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Recommendations

Update to Online Weather version 4.3.5a

Vulnerability details

The IWEBSERVICE_JSONRPC_COOKIE contains potentially sensitive information encoded in base64.

CVE

CVE-2020-9407

Credits

Dawid Czarnecki

References

https://nvd.nist.gov/vuln/detail/CVE-2020-9407

Do you think the security of your data might be lacking? Let's find the best approach together.
Once you contact us, we will ask you about the project you want to secure.

Have Any Questions?

Online Weather – Information disclosure in cookie

NEED A CONSULTATION?

contact@zigrin.com

GPG Key

Get a free consultation