CVE-2019-17321
MEDIUMClipSoft REXPERT < 1.0.0.527 - Unauthenticated Username Exposure via Session File Path
Title source: llmDescription
ClipSoft REXPERT 1.0.0.527 and earlier version have an information disclosure issue. When requesting web page associated with session, could leak username via session file path of HTTP response data. No authentication is required.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35184
Scores
CVSS v3
5.3
EPSS
0.0093
EPSS Percentile
56.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
clipsoft/rexpert
< 1.0.0.527
Published
Oct 30, 2019
Tracked Since
Feb 18, 2026