PT-2020-17796 · Ultralog · Ultralog Express
Alan Chung
·
Published
2020-03-27
·
Updated
2024-09-17
·
CVE-2020-3920
CVSS v3.1
8.1
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
UltraLog Express (affected versions not specified)
Description
The UltraLog Express device management interface has an issue with access authentication on certain pages or functions. This allows any user to access a privileged page for managing accounts by navigating through a specific system directory.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ultralog Express