PT-2020-17351 · Mersive · Solstice Pod

Published

2020-12-23

Updated

2021-07-21

CVE-2020-35584

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Solstice Pod versions prior to 3.0.3

Description The issue allows users to connect to web services over unencrypted channels via the Browser Look-in feature. An attacker could record and monitor legitimate user interactions with the web services, obtaining supplied information, including Administrator passwords and screen keys.

Recommendations For versions prior to 3.0.3, update to version 3.0.3 or later to resolve the issue. As a temporary workaround, consider disabling the Browser Look-in feature until a patch is available. Restrict access to the web services to minimize the risk of exploitation. Avoid using the feature until the issue is resolved.

Exploit

Fix

Cleartext Transmission of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-319

Related Identifiers

CVE-2020-35584

Affected Products

Solstice Pod

PT-2020-17351 · Mersive · Solstice Pod

CVE-2020-35584

Weakness Enumeration

Related Identifiers

Affected Products

References · 6