PT-2020-19640 · Siport · Siport Mp

Published

2020-10-15

Updated

2022-06-15

CVE-2020-7591

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SIPORT MP versions prior to 3.2.1

Description A vulnerability has been identified that could allow an authenticated attacker to impersonate other users of the system and perform actions on their behalf if the single sign-on feature "Allow logon without password" is enabled.

Recommendations For versions prior to 3.2.1, update to version 3.2.1 or later to resolve the issue. As a temporary workaround, consider disabling the "Allow logon without password" feature to minimize the risk of exploitation.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287CWE-603

Related Identifiers

CVE-2020-7591

Affected Products

Siport Mp

PT-2020-19640 · Siport · Siport Mp

CVE-2020-7591

Weakness Enumeration

Related Identifiers

Affected Products

References · 4