Issues » jsps exposed to non-authenticated users

Issue: SI-28
Date: Sep 24, 2014 12:00:00 AM
Severity: Moderate
Requires Admin Access: No
Fix Version: 3.0
Credit: Internal Security Team

There are some administrative jsps that are accessible to non-administrative users.  This allows an attacker to target and call those jsps directly from their browsers without authentication.


Back to the top