Vulnerability Details : CVE-2008-0636
Level Platforms, Inc. (LPI) Managed Workplace Service Center 4.x, 5.x and 6.x allows remote attackers to obtain sensitive information via a direct request to About/SC_About.htm, which provides version and patch information.
Vulnerability category: Information leak
Exploit prediction scoring system (EPSS) score for CVE-2008-0636
Probability of exploitation activity in the next 30 days: 1.52%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 85 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2008-0636
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
[email protected] |
CWE ids for CVE-2008-0636
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: [email protected] (Primary)
Vendor statements for CVE-2008-0636
-
Level Platforms 2008-02-14Level Platforms clarifies that this issue is an Exposure and not a Vulnerability with Managed Workplace 6.0 Service Pack 2. The Exposure is of non-sensitive information as defined by commonly accepted security standards. I.E. The definition of the term “sensitive” is limited to designate all those types and forms of information that, by law or regulation, require some form of protection but are outside the formal system for classifying national security information. Managed Workplace is not used by customers to process classified information and this Exposure does not reveal non-classified sensitive information. The Exposure is eliminated in Managed Workplace 6.0 Service Pack 3. This Service Pack is currently in Beta and will be generally available within the next 20 days.
- cpe:2.3:a:level_platforms:managed_workplace_service_center:5:*:*:*:*:*:*:*
- cpe:2.3:a:level_platforms:managed_workplace_service_center:6:*:*:*:*:*:*:*
- cpe:2.3:a:level_platforms:managed_workplace_service_center:4:*:*:*:*:*:*:*