CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:A/AC:L/Au:N/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
79.7%
Directory traversal vulnerability in the NMS server in Alcatel-Lucent OmniVista 4760 R5.1.06.03 and earlier allows remote attackers to read arbitrary files via directory traversal sequences in HTTP GET requests, related to the lang variable.
Vendor | Product | Version | CPE |
---|---|---|---|
alcatel-lucent | omnivista | * | cpe:2.3:a:alcatel-lucent:omnivista:*:*:*:*:*:*:*:* |
alcatel-lucent | omnivista | 4760_r5.0.07.05 | cpe:2.3:a:alcatel-lucent:omnivista:4760_r5.0.07.05:*:*:*:*:*:*:* |
seclists.org/fulldisclosure/2011/Mar/8
secunia.com/advisories/43507
securityreason.com/securityalert/8122
www.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporate&LMSG_CONTENT_FILE=Support/Security/2011002.pdf
www.securityfocus.com/archive/1/516768/100/0/threaded
www.securityfocus.com/bid/46624
www.vupen.com/english/advisories/2011/0548
exchange.xforce.ibmcloud.com/vulnerabilities/65848