Lucene search

K

Veracode Vulnerability DatabaseVERACODE:20656

HistoryJul 04, 2019 - 9:17 a.m.

Information Disclosure

2019-07-0409:17:04

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7

EPSS

0.011

Percentile

84.3%

DNN (DotNetNuke) is vulnerable to information disclosure. The use of a lower-than-expected entropy caused by an incorrect convertion of the encryption key source values allow attackers to retrieve confidential information. This vulnerability exists due to an incomplete fix for CVE-2018-15812.

References

packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html

github.com/dnnsoftware/Dnn.Platform/pull/2616

github.com/dnnsoftware/Dnn.Platform/releases

github.com/dnnsoftware/Dnn.Platform/releases/tag/v9.3.0-rc2

www.dnnsoftware.com/community/security/security-center

EPSS

0.011

Percentile

84.3%

Related for VERACODE:20656

osv4 prion2 cve2 nvd2 github2 cvelist2 openvas2 attackerkb1 exploitdb1 packetstorm1 veracode1 zdt1 metasploit1