Information Disclosure Vulnerability in ListEntityLinksServlet

Information Disclosure Vulnerability in ListEntityLinksServlet

CVE-2019-15011 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

The ListEntityLinksServlet resource in Application Links before version 5.0.12, from version 5.1.0 before version 5.2.11, from version 5.3.0 before version 5.3.7, from version 5.4.0 before 5.4.13, and from version 6.0.0 before 6.0.5 disclosed application link information to non-admin users via a missing permissions check.

Learn more about our User Device Pen Test.