mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
113 lines
3.9 KiB
JSON
113 lines
3.9 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "sirt@silver-peak.com",
|
|
"DATE_PUBLIC": "2020-10-31T16:00:00.000Z",
|
|
"ID": "CVE-2020-12145",
|
|
"STATE": "PUBLIC",
|
|
"TITLE": "Silver Peak Unity OrchestratorTM authentication can be subverted through manipulation of HTTP headers."
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "Silver Peak Systems, Inc.",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Unity Orchestrator",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "All versions affected prior to Silver Peak Unity Orchestrator 8.9.11+"
|
|
},
|
|
{
|
|
"version_value": "8.10.11+"
|
|
},
|
|
{
|
|
"version_value": "or 9.0.1+."
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"credit": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "This vulnerability was reported to Silver Peak by the security team at Realmode Labs."
|
|
}
|
|
],
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+ uses HTTP headers to authenticate REST API calls from localhost. This makes it possible to log in to Orchestrator by introducing an HTTP HOST header set to 127.0.0.1 or localhost. Orchestrator instances that are hosted by customers \u2013on-premise or in a public cloud provider \u2013are affected by this vulnerability."
|
|
}
|
|
]
|
|
},
|
|
"generator": {
|
|
"engine": "Vulnogram 0.0.9"
|
|
},
|
|
"impact": {
|
|
"cvss": {
|
|
"attackComplexity": "HIGH",
|
|
"attackVector": "NETWORK",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 6.6,
|
|
"baseSeverity": "MEDIUM",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"privilegesRequired": "HIGH",
|
|
"scope": "UNCHANGED",
|
|
"userInteraction": "NONE",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
|
|
"version": "3.1"
|
|
}
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CVE-2020-12145"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-287 Improper Authentication"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"refsource": "MISC",
|
|
"url": "https://www.silver-peak.com/support/user-documentation/security-advisories",
|
|
"name": "https://www.silver-peak.com/support/user-documentation/security-advisories"
|
|
}
|
|
]
|
|
},
|
|
"solution": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Recommended Actions for Silver Peak Customers: Upgrade to Orchestrator 8.9.11+, 8.10.11+, or 9.0.1+."
|
|
}
|
|
],
|
|
"source": {
|
|
"advisory": "Security Advisory 2020-10-31-01-001",
|
|
"discovery": "EXTERNAL"
|
|
}
|
|
} |