CVE-2020-25096

EPSS 0.42%
Veröffentlicht 17.12.2020 03:15:13
Zuletzt bearbeitet 21.11.2024 05:17:19
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

LogRhythm Platform Manager (PM) 7.4.9 has Incorrect Access Control. Users within LogRhythm can be delegated different roles and privileges, intended to limit what data and services they can interact with. However, no access control is enforced for WebSocket-based communication to the PM application server, which will forward requests to any configured back-end server, regardless of whether the user's access rights should permit this. As a result, even the most low-privileged user can interact with any back-end component that has a LogRhythm agent installed.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Logrhythm ≫ Platform Manager Version7.4.9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.42%	0.592

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://cybercx.com.au/blog/2020/12/15/logrhythm-zero-days/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-25096

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-25096

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-25096

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-25096