Description
The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive information such as the NMS admin credentials and the PostgreSQL database credentials to logged-in users via the responses to certain HTTP POST requests. In order to be able to see the credentials in cleartext, an attacker needs to be authenticated.
Exploits (1)
exploitdb
WORKING POC
by Berk Cem Göksel · pythonwebappsphp
https://www.exploit-db.com/exploits/44515
Scores
CVSS v3
8.8
EPSS
0.0431
EPSS Percentile
88.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-522
Status
published
Products (1)
ericssonlg/ipecs_nms
a.1ac
Published
Apr 22, 2018
Tracked Since
Feb 18, 2026