9.8

CVE-2020-13963

EPSS 0.54%
Veröffentlicht 21.03.2021 21:15:12
Zuletzt bearbeitet 21.11.2024 05:02:15
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

SOPlanning before 1.47 has Incorrect Access Control because certain secret key information, and the related authentication algorithm, is public. The key for admin is hardcoded in the installation code, and there is no key for publicsp (which is a guest account).

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Soplanning ≫ Soplanning Version >= 1.45 < 1.47

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.54%	0.667

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://cwe.mitre.org/data/definitions/321.html

Technical Description

https://forum.soplanning.org/viewforum.php?f=8

Vendor Advisory

https://labs.integrity.pt/advisories/cve-2020-13963/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-13963

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-13963

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-13963

EUVD