Advantech iView, versions 5.6 and prior, has an improper access control vulnerability. Successful exploitation of this vulnerability may allow an attacker to obtain all user accounts credentials.
Advantech iView, versiones 5.6 y anteriores, tiene una vulnerabilidad de control de acceso inadecuado. La explotación exitosa de esta vulnerabilidad puede permitir a un atacante obtener las credenciales de todas las cuentas de usuario
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the UserServlet class. The issue results from the lack of proper access control. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise.
