CVE-2004-2748

EPSS 4.61%
Published 31.12.2004 05:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

viewreport.pl in NetIQ WebTrends Reporting Center Enterprise Edition 6.1a allows remote attackers to determine the installation path via an invalid profileid parameter, which leaks the pathname in an error message.

Affected products Warnungen 0 Metrics 2 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Webtrends ≫ Reporting Center Version6.1a

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	4.61%	0.882

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://secunia.com/advisories/10689

Vendor Advisory

http://securityreason.com/securityalert/3354

http://www.osvdb.org/3680

http://www.securityfocus.com/archive/1/350419/30/21610/threaded

http://www.securityfocus.com/bid/9460

http://www.securitytracker.com/id?1008799

https://nvd.nist.gov/vuln/detail/CVE-2004-2748

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2004-2748

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2004-2748

EUVD