CVE-2020-25848

Published: Dec 31, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

HGiga MailSherlock contains weak authentication flaw that attackers grant privilege remotely with default password generation mechanism.

Affected (10)

Products: Hgiga: Msr45 Isherlock Antispam, Msr45 Isherlock Audit, Msr45 Isherlock Base, Msr45 Isherlock User, Msr45 Isherlock Useradmin, Ssr45 Isherlock Antispam, Ssr45 Isherlock Audit, Ssr45 Isherlock Base, Ssr45 Isherlock User, Ssr45 Isherlock Useradmin

10 products

Msr45 Isherlock Antispam

Msr45 Isherlock Audit

Msr45 Isherlock Base

Msr45 Isherlock User

Msr45 Isherlock Useradmin

Ssr45 Isherlock Antispam

Ssr45 Isherlock Audit

Ssr45 Isherlock Base

Ssr45 Isherlock User

Ssr45 Isherlock Useradmin

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Hgiga Msr45 Isherlock Antispam	Before 4.5-130
Hgiga Msr45 Isherlock Audit	Before 4.5-143
Hgiga Msr45 Isherlock Base	Before 4.5-243
Hgiga Msr45 Isherlock User	Before 4.5-114
Hgiga Msr45 Isherlock Useradmin	Before 4.5-122
Hgiga Ssr45 Isherlock Antispam	Before 4.5-130
Hgiga Ssr45 Isherlock Audit	Before 4.5-143
Hgiga Ssr45 Isherlock Base	Before 4.5-243
Hgiga Ssr45 Isherlock User	Before 4.5-114
Hgiga Ssr45 Isherlock Useradmin	Before 4.5-112

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

https://www.twcert.org.tw/tw/cp-132-4256-cfc5a-1.html

Source: twcert@cert.org.tw

Third Party Advisory

https://www.twcert.org.tw/tw/cp-132-4256-cfc5a-1.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.