Description

Acunetix determined that it was possible to access a monitoring system without authentication.

Remediation

Restrict access to the monitoring system

References

Authentication Cheat Sheet

CWE-306: Missing Authentication for Critical Function

Related Vulnerabilities

SharePoint exposed web services

WordPress Plugin WooCommerce Email Test Information Disclosure (1.5)

WordPress Plugin WooCommerce Information Disclosure (4.5.2)

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2008-0195)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-2206)

Severity

Low

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Information Disclosure