QwikSec

Security Database

CVE

CWE

Training

CVE-2019-7667

Published: Jul 1, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

Prima Systems FlexAir, Versions 2.3.38 and prior. The application generates database backup files with a predictable name, and an attacker can use brute force to identify the database backup file name. A malicious actor can exploit this issue to download the database file and disclose login information, which can allow the attacker to bypass authentication and have full access to the system.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://applied-risk.com/labs/advisories

x_refsource_MISC

https://www.applied-risk.com/resources/ar-2019-007

x_refsource_MISC

https://www.us-cert.gov/ics/advisories/icsa-19-211-02

x_refsource_MISC

http://packetstormsecurity.com/files/155262/Prima-FlexAir-Access-Control-2.3.35-Database-Backup-Predictable-Name.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.