PT-2020-14082 · Global Radar · Global Radar Bsa Radar

William Summerhill · Published 2020-06-22 · Updated 2023-01-30 · CVE-2020-14946

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Global RADAR BSA Radar versions 1.6.7234.24750 and earlier

Description

The issue allows users to view local files on the web server by manipulating the FileName and FilePath parameters in the URL, or while using a proxy, potentially exposing sensitive files or configuration files. This is possible through the downloadFile.ashx in the Administrator section of the Surveillance module.

Recommendations

For Global RADAR BSA Radar versions 1.6.7234.24750 and earlier, as a temporary workaround, consider restricting access to the downloadFile.ashx file in the Administrator section of the Surveillance module to minimize the risk of exploitation. Avoid using the FileName and FilePath parameters in the affected URL until the issue is resolved.

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2020-14946

Affected Products

Global Radar Bsa Radar