7.5
CVE-2020-25164
- EPSS 0.1%
- Veröffentlicht 14.04.2022 21:15:08
- Zuletzt bearbeitet 21.11.2024 05:17:31
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginA vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to recover user credentials of the administrative interface.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Bbraun ≫ Datamodule Compactplus Versiona10
Bbraun ≫ Datamodule Compactplus Versiona11
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.1% | 0.274 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
| ics-cert@hq.dhs.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
|
CWE-759 Use of a One-Way Hash without a Salt
The product uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt as part of the input.