Web Chat
CVE-2019-16951
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
A remote file include (RFI) issue was discovered in Enghouse Web Chat 6.2.284.34. One can replace the localhost attribute with one's own domain name. When the product calls this domain after the POST request is sent, it retrieves an attacker's data and displays it. Also worth mentioning is the amount of information sent in the request from this product to the attacker: it reveals information the public should not have. This includes pathnames and internal ip addresses.
AnalysisAI
A remote file include (RFI) issue was discovered in Enghouse Web Chat 6.2.284.34. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-829. A remote file include (RFI) issue was discovered in Enghouse Web Chat 6.2.284.34. One can replace the localhost attribute with one's own domain name. When the product calls this domain after the POST request is sent, it retrieves an attacker's data and displays it. Also worth mentioning is the amount of information sent in the request from this product to the attacker: it reveals information the public should not have. This includes pathnames and internal ip addresses. Affected products include: Enghouse Web Chat.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
An SSRF issue was discovered in Enghouse Web Chat 6.1.300.31. Rated critical severity (CVSS 9.8), this vulnerability is
An issue was discovered in Enghouse Web Chat 6.1.300.31 and 6.2.284.34. Rated medium severity (CVSS 6.5), this vulnerabi
Enghouse Web Chat 6.2.284.34 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, n
An XSS issue was discovered in Enghouse Web Chat 6.1.300.31 and 6.2.284.34. Rated medium severity (CVSS 6.1), this vulne
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today