The ISL Desktop plugin for Windows before 1.4.7 for ISL Light 3.5.4 and earlier allows remote authenticated users to obtain sensitive information by pasting the clipboard contents that have been copied by another user in the session.
CVSS 2.0
Severity: LOW
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| islonline | isl_desktop_plugin | * |
| islonline | isl_desktop_plugin | 1.3.3 |
| islonline | isl_desktop_plugin | 1.4.1 |
| islonline | isl_light | * |
| islonline | isl_desktop_plugin | 1.4.2 |
The ISL Light Remote Desktop (aka com.islonline.isllight.mobile.android) application 2.1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| islonline | isl_light_remote_desktop | 2.1.0 |