← back
CVE-2019-6716

CVE-2019-6716

EPSS 9.6%
An unauthenticated Insecure Direct Object Reference (IDOR) in Wicket Core in LogonBox Nervepoint Access Manager 2013 through 2017 allows a remote attacker to enumerate internal Active Directory usernames and group names, and alter back-end server jobs (backup and synchronization jobs), which could allow for the possibility of a Denial of Service attack via a modified jobId parameter in a runJob.html GET request.
Affected products
n/a · n/a
public PoCs found3
cve_referencepacketstormsecurity.com/files/151373/LongBox-Limited-Access-Manager-Insecure-Direct-Object-Reference.htmlunverifiedcve_referencewww.exploit-db.com/exploits/46254/unverifiedexploitdbwww.exploit-db.com/exploits/46254unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/151373/LongBox-Limited-Access-Manager-Insecure-Direct-Object-Reference.htmlhttps://www.exploit-db.com/exploits/46254/https://www.logonbox.com/en/