CVE-2017-3185

CRITICAL Year: 2017
CVSS v3 Score
9.8
Critical
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-598
View all →

Vulnerability Description

ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser's history, referrers, web logs, and other sources.

Related Vulnerabilities

CVE-2018-14822

CRITICAL
CVSS:9.8(Critical)

Entes EMG12 versions 2.57 and prior an information exposure through query strings vulnerability in the web interface has been identified, which may allow an attacker to impersonate a legitimate user a...

CWE-5982018

CVE-2023-6014

CRITICAL
CVSS:9.1(Critical)

An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirment.

CWE-5982023

CVE-2021-36328

HIGH
CVSS:8.8(High)

Dell EMC Streaming Data Platform versions before 1.3 contain a SQL Injection Vulnerability. A remote malicious user may potentially exploit this vulnerability to execute SQL commands to perform unauth...

CWE-5982021

CVE-2022-22551

HIGH
CVSS:8.8(High)

DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings. An Adjacent, unauthenticated attacker could potentially exploit this vulnerability, and hijack the victim sess...

CWE-5982022

CVE-2019-18573

HIGH
CVSS:8.7(High)

The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a Session Fixation vulnerability. An authenticated malicious local user could potenti...

CWE-5982019

CVE-2019-6531

HIGH
CVSS:8.1(High)

An attacker could retrieve passwords from a HTTP GET request from the Kunbus PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166) if the attacker is in an MITM positio...

CWE-5982019