Sensitive Information Disclosure in IBM Net.Data

Sensitive Information Disclosure in IBM Net.Data

CVE-2003-1282 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

IBM Net.Data allows remote attackers to obtain sensitive information such as path names, server names and possibly user names and passwords by causing the (1) $(DTW_CURRENT_FILENAME), (2) $(DATABASE), (3) $(LOGIN), (4) $(PASSWORD), and possibly other predefined variables that can be echoed back to the user via a web form.

Learn more about our Web App Pen Testing.