CVE-2020-27157

Published: Oct 15, 2020Modified: Nov 21, 2024

8.1

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

Veritas APTARE versions prior to 10.5 included code that bypassed the normal login process when specific authentication credentials were provided to the server. An unauthenticated user could login to the application and gain access to the data and functionality accessible to the targeted user account.

Affected (1)

Products: Veritas: Aptare

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Veritas Aptare	Before 10.5

Related CWEs

Authentication Bypass by Capture-replay

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

References (2)

https://www.veritas.com/content/support/en_US/security/VTS20-006#issue2

Source: cve@mitre.org

Vendor Advisory

https://www.veritas.com/content/support/en_US/security/VTS20-006#issue2

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.