CVE-2020-27183

Name of the Vulnerable Software and Affected Versions konzept-ix publiXone versions prior to 2020.015

Description The issue is related to a RemoteFunctions endpoint with missing access control, allowing attackers to disclose sensitive user information, send arbitrary e-mails, escalate the privileges of arbitrary user accounts, and have unspecified other impact.

Recommendations For versions prior to 2020.015, update to version 2020.015 or later to resolve the issue. As a temporary workaround, consider restricting access to the RemoteFunctions endpoint until a patch is available.