CVE-2020-29020

EPSS 0.67%
Veröffentlicht 05.03.2021 21:15:12
Zuletzt bearbeitet 21.11.2024 05:23:31
Quelle VulnerabilityReporting@secomea
CVE-Watchlists
Login
Unerledigt
Login

Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from the internet using the configured credentials. This issue affects: Secomea SiteManager All versions prior to 9.4.620527004 on Hardware.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Secomea ≫ Sitemanager Firmware Version < 9.4.620527004

Secomea ≫ Sitemanager Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.67%	0.688

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P
VulnerabilityReporting@secomea.com	9.1	2.3	6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://www.secomea.com/support/cybersecurity-advisory/#3217

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-29020

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-29020

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-29020

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-29020