PT-2020-10283 · Bender · Com465Dp+6
Maxim Rupp · Published 2020-10-16 · Updated 2020-10-26 · CVE-2019-19885
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Bender COMTRAXX versions prior to 4.2.0
COM465IP versions prior to 4.2.0
COM465DP versions prior to 4.2.0
COM465ID versions prior to 4.2.0
CP700 versions prior to 4.2.0
CP907 versions prior to 4.2.0
CP915 versions prior to 4.2.0
Description
The issue concerns inadequate user authorization validation in certain routes of the system, allowing unauthorized access to configuration data. A user with knowledge of the system's routes can read and write configuration data without proper authorization.
Recommendations
For versions prior to 4.2.0, update to version 4.2.0 or later to resolve the issue.
As a temporary workaround, consider restricting access to sensitive routes and configuration data until the update is applied.
Fix
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Bender Comtraxx
Com465Dp
Com465Id
Com465Ip
Cp700
Cp907
Cp915