PT-2020-16249 · Soplanning · Soplanning

Thomasfady

·

Published

2020-10-07

·

Updated

2020-10-15

·

CVE-2020-25867

CVSS v3.1

5.3

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions SoPlanning versions prior to 1.47
Description The issue allows a bypass to get access without authentication due to incorrect security key checks for publicly shared plannings.
Recommendations For versions prior to 1.47, update to version 1.47 or later to resolve the issue.

Exploit

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2020-25867

Affected Products

Soplanning