CVE-2020-28054

EPSS 1.16%
Veröffentlicht 19.11.2020 16:15:10
Zuletzt bearbeitet 21.11.2024 05:22:17
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

JamoDat TSMManager Collector version up to 6.5.0.21 is vulnerable to an Authorization Bypass because the Collector component is not properly validating an authenticated session with the Viewer. If the Viewer has been modified (binary patched) and the Bypass Login functionality is being used, an attacker can request every Collector's functionality as if they were a properly logged-in user: administrating connected instances, reviewing logs, editing configurations, accessing the instances' consoles, accessing hardware configurations, etc.Exploiting this vulnerability won't grant an attacker access nor control on remote ISP servers as no credentials is sent with the request.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Tsmmanager ≫ Tsmmanager Version <= 6.5.0.21

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.16%	0.777

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

https://tsmmanager.com

Product

https://voidsec.com

Third Party Advisory

https://voidsec.com/tivoli-madness/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-28054

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-28054

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-28054

EUVD