Primary

Context

Metasoft MetaCRM Information Disclosure Vulnerability in env.jsp

Vulnerability

A vulnerability allowing information disclosure has been identified in Metasoft MetaCRM versions through 6.4.2. The issue resides in the env.jsp file, where sensitive information such as the server name, Java version, and absolute file paths can be accessed. This vulnerability can be exploited remotely without authentication.

Impact

Exploitation of this vulnerability allows unauthorized access to sensitive server information, which could be used for further attacks or to compromise the server.

Reproduction

The vulnerability can be reproduced by sending a request to the /env.jsp endpoint without authentication. This can be done manually or through automated tools. The absence of authentication controls allows unauthorized users to access sensitive information.

Added: Jul 20, 2025, 7:17 AM

Updated: Jul 20, 2025, 7:17 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

0.3

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

0.3

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Metasoft MetaCRM Information Disclosure Vulnerability in env.jsp

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating