CVE-2019-12270 : What You Need to Know

Learn about CVE-2019-12270 affecting OpenText Brava! Enterprise and Brava! Server versions 7.5 through 16.4. Find out the impact, technical details, and mitigation steps.

OpenText Brava! Enterprise and Brava! Server versions 7.5 through 16.4 have a default configuration that sets excessive permissions on Windows, potentially leading to information disclosure.

Understanding CVE-2019-12270

OpenText Brava! Enterprise and Brava! Server versions 7.5 through 16.4 are affected by a vulnerability that results in excessive permissions being set on Windows servers during installation.

What is CVE-2019-12270?

The default configuration of OpenText Brava! Enterprise and Brava! Server versions 7.5 through 16.4 on Windows servers creates a file share named displaylistcache with full read and write permissions for the Everyone group at both NTFS and Share levels.

The Impact of CVE-2019-12270

The vulnerability could allow unauthorized access to sensitive documents stored on the affected Windows servers, potentially leading to information disclosure.

Technical Details of CVE-2019-12270

OpenText Brava! Enterprise and Brava! Server versions 7.5 through 16.4 are affected by the following:

Vulnerability Description

        Default configuration sets excessive permissions on Windows servers
        File share named displaylistcache grants full read and write permissions to Everyone group

Affected Systems and Versions

        OpenText Brava! Enterprise and Brava! Server versions 7.5 through 16.4

Exploitation Mechanism

        Unauthorized users gaining access to sensitive documents stored on Windows servers

Mitigation and Prevention

Immediate Steps to Take:

        Review and adjust permissions on the displaylistcache file share
        Limit access to the share to only necessary accounts

Long-Term Security Practices:

        Regularly review and update permissions on Windows servers
        Follow the principle of least privilege for file shares and permissions

Patching and Updates:

        Apply vendor-recommended security configurations and updates
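
One way to carry out the permission review described above, as an added example that is not vendor or original-page code: a PowerShell audit that lists Allow entries for broad principals on the displaylistcache share at both the share and NTFS levels. The set of SIDs treated as too broad and the helper name Resolve-Sid are assumptions of this example.

```powershell
# Added example (not vendor code): audit the displaylistcache share for
# grants to broad principals at the share and NTFS levels.
# Run in an elevated PowerShell session on the Brava! server.
$ShareName = 'displaylistcache'   # share name given in the advisory

# Well-known SIDs this example treats as too broad (an assumption).
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-7'      = 'Anonymous Logon'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Hypothetical helper: resolve an account to its SID so the check does
# not depend on localized group names.
function Resolve-Sid($Identity) {
    try {
        if ($Identity -is [string]) {
            $Identity = [System.Security.Principal.NTAccount]$Identity
        }
        $Identity.Translate([System.Security.Principal.SecurityIdentifier]).Value
    } catch { $null }   # orphaned or unresolvable account
}

$share = Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue
if (-not $share) { Write-Output "Share '$ShareName' not found."; return }

# Collect entries from both permission layers in one common shape.
$entries = @()
foreach ($a in Get-SmbShareAccess -Name $ShareName) {
    $entries += [pscustomobject]@{ Layer = 'Share'; Type = "$($a.AccessControlType)"
        Principal = $a.AccountName; Rights = "$($a.AccessRight)"
        Sid = (Resolve-Sid $a.AccountName) }
}
foreach ($a in (Get-Acl -Path $share.Path).Access) {
    $entries += [pscustomobject]@{ Layer = 'NTFS'; Type = "$($a.AccessControlType)"
        Principal = $a.IdentityReference.Value; Rights = "$($a.FileSystemRights)"
        Sid = (Resolve-Sid $a.IdentityReference) }
}

# Report every Allow entry granted to a broad principal.
$findings = $entries | Where-Object {
    $_.Type -eq 'Allow' -and $_.Sid -and $BroadSids.ContainsKey($_.Sid) }
if ($findings) {
    $findings | Format-Table Layer, Principal, Rights -AutoSize
} else {
    Write-Output "No broad Allow entries found on '$ShareName'."
}
```

Share-level entries it reports can be adjusted with Revoke-SmbShareAccess and Grant-SmbShareAccess; which accounts count as necessary depends on the deployment.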
