Omnivista 4760
Approved changes feed: RSS · Atom
cpe:2.3:a:al-enterprise:omnivista_4760:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Al Enterprise (10c49c56-b3a1-56a7-9a3b-2666db7c1ead) |
|---|---|
| Product | Omnivista 4760 (bb8da4d6-ace1-579a-a850-55f5dfa57980) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2019-20049 |
vulnerable | 2026-06-08 05:13:30.439025 |
Details available
An issue was discovered on Alcatel-Lucent OmniVista 4760 devices. A remote unauthenticated attacker can chain a directory traversal (which helps to bypass authentication) with an insecure file upload to achieve Remote Code Execution as SYSTEM. The directory traversal is in the __construct() whereas the insecure file upload is in SetSkinImages().
Published: 2019-12-27T18:18:22.000Z
Updated: 2024-08-05T02:32:10.482Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-20047 |
vulnerable | 2026-06-08 05:13:30.437671 |
Details available
An issue was discovered on Alcatel-Lucent OmniVista 4760 devices, and 8770 devices before 4.1.2. An incorrect web server configuration allows a remote unauthenticated attacker to retrieve the content of its own session files. Every session file contains the administrative LDAP credentials encoded in a reversible format. Sessions are stored in /sessions/sess_<sessionid>.
Published: 2019-12-27T18:19:20.000Z
Updated: 2024-08-05T02:32:10.547Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.