CVE-2020-10601

EPSS 0.02%
Veröffentlicht 03.04.2020 18:15:13
Zuletzt bearbeitet 21.11.2024 04:55:40
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow weak hashing algorithm and insecure permissions which may allow a local attacker to bypass the password-protected mechanism through brute-force attacks, cracking techniques, or overwriting the password hash.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Visam ≫ Vbase Editor Version11.5.0.2

Visam ≫ Vbase Web-remote

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.023

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

CWE-327 Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

https://www.us-cert.gov/ics/advisories/icsa-20-084-01

Third Party Advisory

US Government Resource

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2020-10601

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-10601

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-10601

EUVD