CVE-2020-25096

Name of the Vulnerable Software and Affected Versions LogRhythm Platform Manager version 7.4.9

Description The issue concerns incorrect access control within the LogRhythm Platform Manager. Users with delegated roles and privileges can interact with any back-end component that has a LogRhythm agent installed due to a lack of access control enforcement for WebSocket-based communication to the application server. This allows even low-privileged users to access back-end servers regardless of their access rights.

Recommendations For version 7.4.9, consider restricting access to the WebSocket-based communication to the PM application server until a patch is available. As a temporary workaround, limit the interaction with back-end components to only those necessary for the user's role, and monitor user activity closely to detect any unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.