Lanatmservice : Security Vulnerabilities, CVEs, CVSS score >= 2
In Lan ATMService M3 ATM Monitoring System 6.1.0, due to a directory-listing vulnerability, a remote attacker can view log files, located in /websocket/logs/, that contain a user's cookie values and the predefined developer's cookie value.
Max CVSS
5.3
EPSS Score
0.17%
Published
2020-12-10
Updated
2020-12-14
In Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration.
Max CVSS
10.0
EPSS Score
0.69%
Published
2020-12-10
Updated
2020-12-14
2 vulnerabilities found