PT-2020-15618 · Umanni · Umanni Rh

Inflixim4Be · Published 2020-08-26 · Updated 2020-09-01 · CVE-2020-24007

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Umanni RH version 1.0

Description: The issue allows an unauthenticated user to launch a brute-force authentication attack against the Login page due to a lack of limitation on the number of authentication attempts.

Recommendations: For Umanni RH version 1.0, consider implementing a mechanism to limit the number of authentication attempts to prevent brute-force attacks. As a temporary workaround, restrict access to the Login page to minimize the risk of exploitation.

Exploit

Fix

Improper Restriction of Excessive Authentication Attempts

Weakness Enumeration

Related Identifiers

CVE-2020-24007

Affected Products

Umanni Rh