Personify Personify360 E-Business vulnerabilities
2 known vulnerabilities affecting personify/personify360_e-business.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH2
Vulnerabilities
Page 1 of 1
CVE-2017-7314P3HIGHCVSS 7.5PoC≤ 7.6.12017-06-07
CVE-2017-7314 [HIGH] CWE-287 CVE-2017-7314: An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275
An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, while creating a new role, a list of database tables and their columns is available.
nvd
CVE-2017-7313P3HIGHCVSS 7.5≤ 7.6.12017-06-07
CVE-2017-7313 [HIGH] CWE-200 CVE-2017-7313: An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275
An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, it is possible to read any customer name, master Customer Id, and email address. In other words, anyone can search for users/customers in the system - no authentication is required.
nvd