PT-2020-10308 · Selesta · Selesta Visual Access Manager

Published: 2020-02-26 · Updated: 2020-02-27 · CVE-2019-19989

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Selesta Visual Access Manager (VAM) versions 4.15.0 through 4.29

Description: An issue was discovered where several PHP pages and other types of files in Selesta Visual Access Manager (VAM) are accessible by any user without proper checks for user identity and authorization.

Recommendations: For versions 4.15.0 through 4.29, restrict access to sensitive PHP pages and files to authorized users only, ensuring proper authentication and authorization mechanisms are in place.

Exploit

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2019-19989

Affected Products

Selesta Visual Access Manager