Username Disclosure Vulnerability in Sysax Multi Server 6.90

Username Disclosure Vulnerability in Sysax Multi Server 6.90

CVE-2020-13227 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

An issue was discovered in Sysax Multi Server 6.90. An attacker can determine the username (under which the web server is running) by triggering an invalid path permission error. This bypasses the fakepath protection mechanism.

Learn more about our Web App Pen Testing.