Golem Oee Mes
Monthly
Arbitrary file disclosure in Golem OEE MES (Neuron Soft) before 11.6.0 lets an unauthenticated attacker on the same local network read any file readable by the server process by manipulating HTTP request paths. Reported by CERT-PL with no public exploit identified at time of analysis, the issue is fixed in 11.6.0 and carries a CVSS 4.0 base score of 8.3 driven by adjacent-network access and high confidentiality impact extending beyond the application.
Arbitrary file disclosure in Golem OEE MES (Neuron Soft) before 11.6.0 lets an unauthenticated attacker on the same local network read any file readable by the server process by manipulating HTTP request paths. Reported by CERT-PL with no public exploit identified at time of analysis, the issue is fixed in 11.6.0 and carries a CVSS 4.0 base score of 8.3 driven by adjacent-network access and high confidentiality impact extending beyond the application.