CVE-2020-7004

Published: Apr 3, 2020Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Exploitability: 2.0 / Impact: 6.0

Source: NVD

Description

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow weak or insecure permissions on the VBASE directory resulting in elevation of privileges or malicious effects on the system the next time a privileged user runs the application.

Affected (2)

Products: Visam: Vbase Editor, Vbase Web Remote

2 products

Vbase Web Remote

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Visam Vbase Editor	Version 11.5.0.2
Visam Vbase Web Remote	All versions

Related CWEs

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

https://www.us-cert.gov/ics/advisories/icsa-20-084-01

Source: ics-cert@hq.dhs.gov

MitigationThird Party AdvisoryUS Government Resource

https://www.us-cert.gov/ics/advisories/icsa-20-084-01

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationThird Party AdvisoryUS Government Resource

Timeline

No history available yet.