Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Entrust Instant Financial Issuance (On Premise) Software (formerly known as Cardwizard) 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier leaves behind a configuration file (i.e. WebAPI.cfg.xml) after the installation process. This file can be accessed without authentication on HTTP port 80 by guessing the correct IIS webroot path. It includes system configuration parameter names and values with sensitive configuration values encrypted.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Entrust Instant Financial Issuance 安全漏洞
Vulnerability Description
Entrust Instant Financial Issuance(Entrust Cardwizard)是美国Entrust公司的一个即时金融卡发行解决方案。 Entrust Instant Financial Issuance存在安全漏洞,该漏洞源于安装后留下的配置文件(WebAPI.cfg.xml)未进行适当的访问控制,导致潜在的敏感信息泄露。受影响版本如下:6.10.0、6.9.0、6.9.1、6.9.2、6.8.x及之前版本。
CVSS Information
N/A
Vulnerability Type
N/A