9.8

CVE-2020-8995

EPSS 1.11%
Veröffentlicht 21.12.2020 22:15:13
Zuletzt bearbeitet 21.11.2024 05:39:48
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Programi Bilanc Build 007 Release 014 31.01.2020 supplies a .exe file containing several hardcoded credentials to different servers that allow remote attackers to gain access to the complete infrastructure including the website, update server, and external issue tracking tools.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Bilanc ≫ Bilanc Version <= 014_31.01.2020

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.11%	0.761

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

http://seclists.org/fulldisclosure/2020/Dec/38

Third Party Advisory

Mailing List

https://packetstormsecurity.com/files/160626/Programi-Bilanc-Build-007-Release-014-31.01.2020-Hardcoded-Credentials.html

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2020-8995

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-8995

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-8995

EUVD