Unrated severityNVD Advisory· Published Mar 17, 2019· Updated Aug 4, 2024
CVE-2019-6716
CVE-2019-6716
Description
An unauthenticated Insecure Direct Object Reference (IDOR) in Wicket Core in LogonBox Nervepoint Access Manager 2013 through 2017 allows a remote attacker to enumerate internal Active Directory usernames and group names, and alter back-end server jobs (backup and synchronization jobs), which could allow for the possibility of a Denial of Service attack via a modified jobId parameter in a runJob.html GET request.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: 2013-2017
Patches
Vulnerability mechanics
References
3- www.exploit-db.com/exploits/46254/mitreexploitx_refsource_EXPLOIT-DB
- packetstormsecurity.com/files/151373/LongBox-Limited-Access-Manager-Insecure-Direct-Object-Reference.htmlmitrex_refsource_MISC
- www.logonbox.com/en/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.