PT-2020-15836 · Intermind · Imind Server

Published

2020-10-20

Updated

2021-07-21

CVE-2020-24765

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions InterMind iMind Server versions prior to 3.13.66

Description The issue allows remote unauthenticated attackers to read the self-diagnostic archive. This can be achieved via a direct request to the "api/rs/monitoring/rs/api/system/dump-diagnostic-info?server=127.0.0.1" API endpoint.

Recommendations For versions prior to 3.13.66, as a temporary workaround, consider restricting access to the "api/rs/monitoring/rs/api/system/dump-diagnostic-info" API endpoint until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-425

Related Identifiers

CVE-2020-24765

Affected Products

Imind Server

PT-2020-15836 · Intermind · Imind Server

CVE-2020-24765

Weakness Enumeration

Related Identifiers

Affected Products

References · 3