admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2020/CVE-2020-280xx/CVE-2020-28054.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

119 lines
4.2 KiB
JSON
Raw Blame History

{
"id": "CVE-2020-28054",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-11-19T16:15:10.907",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "JamoDat TSMManager Collector version up to 6.5.0.21 is vulnerable to an Authorization Bypass because the Collector component is not properly validating an authenticated session with the Viewer. If the Viewer has been modified (binary patched) and the Bypass Login functionality is being used, an attacker can request every Collector's functionality as if they were a properly logged-in user: administrating connected instances, reviewing logs, editing configurations, accessing the instances' consoles, accessing hardware configurations, etc.Exploiting this vulnerability won't grant an attacker access nor control on remote ISP servers as no credentials is sent with the request."
},
{
"lang": "es",
"value": "JamoDat TSMManager Collector versiones hasta 6.5.0.21, es vulnerable a una Omisi\u00f3n de Autorizaci\u00f3n porque el componente Collector no est\u00e1 comprobando apropiadamente una sesi\u00f3n autenticada con el Viewer. Si el Viewer ha sido modificado (parcheado binario) y est\u00e1 siendo usada la funcionalidad Bypass Login, un atacante puede pedir la funcionalidad de cada recopilador como si fuera un usuario que inici\u00f3 sesi\u00f3n apropiadamente: administrando instancias conectadas, revisando registros, editando configuraciones, accediendo a las instancias de unas consolas, accediendo a configuraciones de hardware, etc. La explotaci\u00f3n de esta vulnerabilidad no garantiza a un atacante acceso ni control en los servidores de ISP remotos, ya que las credenciales no son enviadas con la petici\u00f3n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tsmmanager:tsmmanager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.5.0.21",
"matchCriteriaId": "C49F1BFE-942F-481B-965B-5177F9131C28"
}
]
}
]
}
],
"references": [
{
"url": "https://tsmmanager.com",
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://voidsec.com",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://voidsec.com/tivoli-madness/",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink