Tibbo AggreGate Network Manager Sensitive Information Exposure Vulnerability

Vulnerability

A vulnerability exists in Tibbo AggreGate Network Manager versions prior to 6.40.05, where sensitive system information is exposed through an unauthenticated endpoint. The affected endpoint, /cwmp/happyaxis.jsp, discloses Java system properties, server path details, and version information to unauthorized users. This information leakage could potentially be exploited to facilitate further attacks on the system.

Impact

The vulnerability allows unauthorized users to access sensitive system information, which could be used to compromise the system further.

Added: Oct 23, 2025, 5:20 PM

Updated: Oct 23, 2025, 5:20 PM

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

2.5

exploitability

7.4

remediation

0.0

relevance

0.8

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

2.5

exploitability

7.4

remediation

0.0

relevance

0.8

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tibbo AggreGate Network Manager Sensitive Information Exposure Vulnerability

Vulnerability

Impact

Affected Products

Tibbo AggreGate Network Manager

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating