PT-2020-18587 · Pkobo · Calendar02+7
K
·
Published
2020-08-04
·
Updated
2020-08-06
·
CVE-2020-5616
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Calendar01 version 1.0.0
Calendar02 version 1.0.0
PKOBO-News01 versions 1.0.3 and earlier
PKOBO-vote01 versions 1.0.1 and earlier
Telop01 version 1.0.0
Gallery01 versions 1.0.3 and earlier
CalendarForm01 versions 1.0.3 and earlier
Link01 version 1.0.0
Description
The issue allows remote attackers to bypass authentication and log in to the product with administrative privileges. The exact vectors used for the attack are not specified.
Recommendations
For Calendar01 version 1.0.0, update to a version that addresses the authentication bypass issue.
For Calendar02 version 1.0.0, update to a version that addresses the authentication bypass issue.
For PKOBO-News01 versions 1.0.3 and earlier, update to a version later than 1.0.3.
For PKOBO-vote01 versions 1.0.1 and earlier, update to a version later than 1.0.1.
For Telop01 version 1.0.0, update to a version that addresses the authentication bypass issue.
For Gallery01 versions 1.0.3 and earlier, update to a version later than 1.0.3.
For CalendarForm01 versions 1.0.3 and earlier, update to a version later than 1.0.3.
For Link01 version 1.0.0, update to a version that addresses the authentication bypass issue.
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Calendar01
Calendar02
Calendarform01
Gallery01
Link01
Pkobo-News01
Pkobo-Vote01
Telop01