Improper Permission Control in Huawei Document Security Management
CVE-2016-2406

4.3MEDIUM

Key Information:

Vendor: Huawei
Status: Document Security Management
Vendor: CVE Published:; 20 March 2017

Summary

The permission control module in Huawei Document Security Management prior to version V100R002C05SPC670 is susceptible to a vulnerability that allows remote authenticated users to exploit improper permissions on the PrintScreen button. This flaw can lead to unauthorized disclosure of sensitive information present in encrypted documents, posing significant risks to data security.

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 20, 2017
Vulnerability Reserved
Feb 18, 2016