PT-2020-16257 · Sectona · Sectona Spectra

Published: 2020-10-28 · Updated: 2024-08-04 · CVE-2020-25966

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Sectona Spectra versions prior to 3.4.0

Description

The issue concerns a vulnerable SOAP API endpoint that leaks sensitive information about configured assets without proper authentication. This could be exploited by unauthorized parties to obtain configured login credentials of the assets via a modified pAccountID value.

Recommendations

For versions prior to 3.4.0, update to version 3.4.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable SOAP API endpoint to minimize the risk of exploitation. Avoid using the pAccountID value in the affected API endpoint until the issue is resolved.

Exploit · Fix · Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2020-25966

Affected Products

Sectona Spectra