CVE-2011-1103

F-Secure Policy Manager 7.x, 8.00-8.1x, 9.00 - Information Exposure via Invalid Report Request

Title source: llm
STIX 2.1

Description

The WebReporting module in F-Secure Policy Manager 7.x, 8.00 before hotfix 2, 8.1x before hotfix 3 on Windows and hotfix 2 on Linux, and 9.00 before hotfix 4 on Windows and hotfix 2 on Linux, allows remote attackers to obtain sensitive information via a request to an invalid report, which reveals the installation path in an error message, as demonstrated with requests to (1) report/infection-table.html or (2) report/productsummary-table.html.

References (5)

Core 5
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43049
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0509
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/65664
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1025124

Scores

EPSS 0.0196
EPSS Percentile 77.9%

Details

CWE
CWE-200
Status published
Products (4)
f-secure/policy_manager 7.00
f-secure/policy_manager 8.00 hotfix1 (2 CPE variants)
f-secure/policy_manager 8.1x hotfix1 (3 CPE variants)
f-secure/policy_manager 9.00 hotfix1 (4 CPE variants)
Published Feb 25, 2011
Tracked Since Feb 18, 2026