Local Information Disclosure Vulnerability in EasyLobby Solo
CVE-2018-17489

2.9LOW

Key Information:

Vendor: Hid Global
Status: Easylobby Solo
Vendor: CVE Published:; 21 March 2019

What is CVE-2018-17489?

The EasyLobby Solo product contains a vulnerability that allows local attackers to access sensitive data due to the storage of social security numbers in plaintext. By accessing the kiosk and navigating to the Visitor table within the database, an attacker could exploit this flaw to view sensitive personal information. This poses a significant risk to user privacy and data security, highlighting the need for immediate remediation.

Affected Version(s)

EasyLobby Solo 11.0.4563

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/149649

vdb-entryx_refsource_XF

CVSS V3.1

Score:

2.9

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 21, 2019
Vulnerability Reserved
Sep 25, 2018

JSON

Hid Global

What is CVE-2018-17489?

Affected Version(s)

References

CVSS V3.1

Timeline