CVE-2020-15850

Sažetak

Insecure permissions in Nakivo Backup & Replication Director version 9.4.0.r43656 on Linux allow local users to access the Nakivo Director web interface and gain root privileges. This occurs because the database containing the users of the web application and the password-recovery secret value is readable.

Reference

https://labs.f-secure.com/advisories/nakivo-backup-and-replication-multiple-vulnerabilities
https://helpcenter.nakivo.com/display/RN/v10.3+Release+Notes

CVSS

Base:	7.2
Impact:	10.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

05-04-2022 - 15:39

Objavljeno

24-09-2020 - 21:15