Incomplete Cryptography in Nablarch 5 Allows Remote Data Manipulation

Incomplete Cryptography in Nablarch 5 Allows Remote Data Manipulation

CVE-2019-5919 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:P/A:N

An incomplete cryptography of the data store function by using hidden tag in Nablarch 5 (5, and 5u1 to 5u13) allows remote attackers to obtain information of the stored data, to register invalid value, or alter the value via unspecified vectors.

Learn more about our Web Application Penetration Testing UK.