CVE-2020-10601

Published: Apr 3, 2020Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow weak hashing algorithm and insecure permissions which may allow a local attacker to bypass the password-protected mechanism through brute-force attacks, cracking techniques, or overwriting the password hash.

Affected (2)

Products: Visam: Vbase Editor, Vbase Web Remote

2 products

Vbase Web Remote

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Visam Vbase Editor	Version 11.5.0.2
Visam Vbase Web Remote	All versions

Related CWEs

Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

References (2)

https://www.us-cert.gov/ics/advisories/icsa-20-084-01

Source: ics-cert@hq.dhs.gov

MitigationThird Party AdvisoryUS Government Resource

https://www.us-cert.gov/ics/advisories/icsa-20-084-01

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationThird Party AdvisoryUS Government Resource

Timeline

No history available yet.