WorkforceROI Xpede 4.1 uses a small random namespace (5 alphanumeric characters) for temporary expense claim reports in the /reports/temp directory, which allows remote attackers to read the reports via a brute force attack.

Threat-Mapped Scoring

Score: 1.8

Priority: P4 - Informational (Low)

• S9 – Sabotage of System/App

EPSS

Score: 0.01174
Percentile: 0.77803

CVSS Scoring

Affected Products

• cpe:2.3:a:workforceroi:xpede:4.1:*:*:*:*:*:*:*

← Back to Home