CVE-2017-16607 - AskarLabs CVE Database

CVE-2017-16607

Vendor Netgain Systems

Product NetGain Systems Enterprise Manager

Weakness CWE-200 · Info exposure

Published January 23, 2018

Last update August 5, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within heapdumps.jsp. The issue results from the lack of proper validation of a user-supplied string before using it to download heap memory dump. An attacker can leverage this in conjunction with other vulnerabilities to disclose sensitive information in the context of the current process. Was ZDI-CAN-4718.

Key dates

02Disclosure timeline

January 23, 2018 CVE published

August 5, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2017-16607

Related vulnerabilities

04Related CVE

CVE-2024-5010 WhatsUp Gold TestController multiple information disclosure vulnerabilities CVE-2025-12558 Beaver Builder – WordPress Page Builder <= 2.9.4 - Authenticated (Contributor+) Sensitive Information Exposure CVE-2024-39527 Junos OS: SRX Series: Low privileged user able to access sensitive information on file system CVE-2026-44206 Frappe: DB Schema Enumeration via Frappe-Authorization-Source CVE-2025-66304 Grav Exposes Password Hashes Leading to privilege escalation