PT-2020-12804 · Programi · Programi Bilanc

Georg Ph E Heise

Published

2020-12-19

Updated

2020-12-23

CVE-2020-11718

CVSS v3.1

7.4

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Programi Bilanc versions build 007 release 014 31.01.2020 and below

Description An issue was discovered where software-update packages are downloaded via cleartext HTTP, which may expose the updates to interception or tampering.

Recommendations For versions build 007 release 014 31.01.2020 and below, consider using a secure connection, such as HTTPS, for downloading software-update packages to prevent potential interception or tampering. As a temporary workaround, restrict access to the update mechanism until a secure update process is implemented.

Exploit

Fix

Cleartext Transmission of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-319

Related Identifiers

CVE-2020-11718

Affected Products

Programi Bilanc

PT-2020-12804 · Programi · Programi Bilanc

CVE-2020-11718

Weakness Enumeration

Related Identifiers

Affected Products

References · 7