Vulnerability Description
EnterpriseDT CompleteFTP Server prior to version 12.1.3 is vulnerable to information exposure in the Bootstrap.log file. This allows an attacker to obtain the administrator password hash.
CVSS Score
4.3
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Enterprisedt | Completeftp Server | < 12.1.3 |
Related Weaknesses (CWE)
References
- https://enterprisedt.com/products/completeftp/doc/guide/html/history.htmlRelease NotesVendor Advisory
- https://rhinosecuritylabs.com/application-security/completeftp-server-local-privExploitThird Party Advisory
- https://enterprisedt.com/products/completeftp/doc/guide/html/history.htmlRelease NotesVendor Advisory
- https://rhinosecuritylabs.com/application-security/completeftp-server-local-privExploitThird Party Advisory
FAQ
What is CVE-2019-16116?
CVE-2019-16116 is a vulnerability with a CVSS score of 4.3 (MEDIUM). EnterpriseDT CompleteFTP Server prior to version 12.1.3 is vulnerable to information exposure in the Bootstrap.log file. This allows an attacker to obtain the administrator password hash.
How severe is CVE-2019-16116?
CVE-2019-16116 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-16116?
Check the references section above for vendor advisories and patch information. Affected products include: Enterprisedt Completeftp Server.