CVE-2020-27157

{"id": "CVE-2020-27157", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2020-10-15T05:15:12.337", "references": [{"url": "https://www.veritas.com/content/support/en_US/security/VTS20-006#issue2", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.veritas.com/content/support/en_US/security/VTS20-006#issue2", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-294"}]}], "descriptions": [{"lang": "en", "value": "Veritas APTARE versions prior to 10.5 included code that bypassed the normal login process when specific authentication credentials were provided to the server. An unauthenticated user could login to the application and gain access to the data and functionality accessible to the targeted user account."}, {"lang": "es", "value": "Veritas APTARE versiones anteriores a 10.5, inclu\u00edan un c\u00f3digo que omit\u00eda el proceso de inicio de sesi\u00f3n normal cuando se proporcionaban credenciales de autenticaci\u00f3n espec\u00edficas al servidor. Un usuario no autenticado podr\u00eda iniciar sesi\u00f3n en la aplicaci\u00f3n y conseguir acceso a los datos y la funcionalidad accesible a la cuenta de usuario apuntada"}], "lastModified": "2024-11-21T05:20:47.937", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:veritas:aptare:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34583579-4758-41EC-9662-3F0633B34A7B", "versionEndExcluding": "10.5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}