PT-2020-16914 · Amodat · Jamodat Tsmmanager Collector

Voidsec · Published 2020-11-19 · Updated 2021-07-21 · CVE-2020-28054

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: JamoDat TSMManager Collector, versions up to 6.5.0.21

Description: The issue is an authorization bypass in the Collector component, which does not properly validate that its session with the Viewer has been authenticated. If the Viewer has been modified and its Bypass Login functionality is used, an attacker can access various Collector functions as if they were a properly logged-in user: administering connected instances, reviewing logs, editing configurations, accessing instances' consoles, and accessing hardware configurations. Exploiting this issue does not, however, grant an attacker access to or control over remote ISP servers, as no credentials are sent with the request.

Recommendations: For JamoDat TSMManager Collector versions up to 6.5.0.21, consider disabling the Bypass Login functionality in the Viewer to prevent unauthorized access until a patch is available. Restrict network access to the Collector component to minimize the risk of exploitation. Avoid using modified or binary-patched Viewer versions, which can bypass the authentication mechanism. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers: CVE-2020-28054

Affected Products: Jamodat Tsmmanager Collector