icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Interchange Search Request Information Disclosure

Medium

Synopsis

The remote web server is affected by an information-disclosure vulnerability.

Description

The remote web server is running Interchange, a web-based application server. The installed version is potentially affected by an information disclosure vulnerability. It is possible to remotely query any table configured withing Interchange by using a specially crafted search request because the application fails to limit which tables can be searched on.

Solution

Upgrade to Interchange 5.7.2, 5.6.2, or 5.4.4.