Security Advisory

CVE-2019-19616

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-12-06 02:06:33

Last updated 2024-08-05 02:25:12

Assigner mitre

State PUBLISHED

Description

An Insecure Direct Object Reference (IDOR) vulnerability in the Xtivia Web Time and Expense (WebTE) interface used for Microsoft Dynamics NAV before 2017 allows an attacker to download arbitrary files by specifying arbitrary values for the recId and filename parameters of the /Home/GetAttachment function.

← Browse all CVEs View on cve.org ↗