| タイトル | Beijing Metasoft Technology Co., Ltd. (China) MetaCRM 6.4.2 Improper Authorization of Index Containing Sensitive Information |
|---|
| 説明 | MetaCRM6 is an enterprise-level customer relationship management system developed by Beijing Metasoft Technology Co., Ltd. Launched in December 2009, it targets medium and large enterprises, offering intelligent, platform-based CRM solutions. Key features include 360° customer profile management, full sales cycle support, multi-organization management, efficient delivery processes, and integration with ERP/PLM/MES. It serves over 40 sectors like smart manufacturing and medical equipment, with a mobile app for iPad.
Beijing Metasoft Technology Co., Ltd. (China) : http://www.metasoft.com.cn/
However,The two interfaces /env.jsp and /debug.jsp have front-end sensitive information leakage vulnerabilities.
The /env.jsp and /debug.jsp endpoints are vulnerable to information disclosure. Unauthenticated attackers can access /env.jsp to obtain sensitive information such as the server name, Java version, and absolute file paths.
Additionally, the /debug.jsp endpoint lacks authentication controls, allowing unauthorized users to perform privileged operations, including modifying server debugging settings and accessing sensitive server logs. Immediate remediation is recommended to prevent potential system compromise.
|
|---|
| ソース | ⚠️ https://github.com/FightingLzn9/vul/blob/main/MetaCRM6-SIL-2.md |
|---|
| ユーザー | nu11 (UID 81380) |
|---|
| 送信 | 2025年07月08日 05:26 (8 月 ago) |
|---|
| モデレーション | 2025年07月19日 09:15 (11 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 316988 [Metasoft 美特软件 MetaCRM 迄 6.4.2 /env.jsp 情報漏えい] |
|---|
| ポイント | 20 |
|---|