Unauthenticated Access to PHP Index Pages and History File Download in Dataprobe iBoot-PDU FW Versions Prior to 1.42.06162022

Unauthenticated Access to PHP Index Pages and History File Download in Dataprobe iBoot-PDU FW Versions Prior to 1.42.06162022

CVE-2022-3188 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where unauthenticated users could open PHP index pages without authentication and download the history file from the device; the history file includes the latest actions completed by specific users.

Learn more about our User Device Pen Test.