Havalite CMS ‘data/havalite.db3’ File Database Information Disclosure Vulnerability

Summary

Havalite CMS is prone to an information-disclosure vulnerability.

Credit:

Details

Vulnerable Systems:
 * IBM eDiscovery Manager 2.2

Havalite CMS 1.1.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the configuration database via a direct request for data/havalite.db3.

CVE Information:
CVE-2012-5892

Disclosure Timeline:
Published: December 10 2012

Categories: News