CVE-2018-13789

HIGH

Descor Infocad FM <3.1.0.0 - Info Disclosure

Title source: llm

Description

An issue was discovered in Descor Infocad FM before 3.1.0.0. An unauthenticated web service allows the retrieval of files on the web server and on reachable SMB servers.

References (1)

[Third Party Advisory] https://www.quantumleap.it/infocad-facility-management-cve-2018-13789-unauthenticated-webservice-allows-retrieval-arbitrary-files/

Scores

CVSS v3 7.5

EPSS 0.0032

EPSS Percentile 55.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-522 CWE-287 CWE-294

Status published

Affected Products (1)

descor/infocad_fm < 3.1.0.0

Timeline

Published Oct 10, 2018

Tracked Since Feb 18, 2026