9.8
CVE-2020-5616
- EPSS 3.86%
- Veröffentlicht 04.08.2020 02:15:11
- Zuletzt bearbeitet 21.11.2024 05:34:22
- Quelle vultures@jpcert.or.jp
- CVE-Watchlists
- Unerledigt
Login[Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01] [Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01] free edition ver1.0.3 and earlier, [PKOBO-vote01] free edition ver1.0.1 and earlier, [Telop01] free edition ver1.0.0, [Gallery01] free edition ver1.0.3 and earlier, [CalendarForm01] free edition ver1.0.3 and earlier, and [Link01] free edition ver1.0.0 allows remote attackers to bypass authentication and log in to the product with administrative privileges via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Calendar01 Project ≫ Calendar01 Version1.0.0 SwEditionfree
Calendar02 Project ≫ Calendar02 Version1.0.0 SwEditionfree
Calendarform01 Project ≫ Calendarform01 SwEditionfree Version <= 1.0.3
Gallery01 Project ≫ Gallery01 SwEditionfree Version <= 1.0.3
Link01 Project ≫ Link01 Version1.0.0 SwEditionfree
Pkobo-news01 Project ≫ Pkobo-news01 SwEditionfree Version <= 1.0.3
Pkobo-vote01 Project ≫ Pkobo-vote01 SwEditionfree Version <= 1.0.1
Telop01 Project ≫ Telop01 Version1.0.0 SwEditionfree
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.86% | 0.871 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.