PT-2020-20462 · American Dynamics+1 · American Dynamics Victor Web Client+1

Published

2020-11-19

Updated

2020-12-04

CVE-2020-9049

CVSS v3.1

7.1

High

Vector

AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions American Dynamics victor Web Client (affected versions not specified) Software House C•CURE Web Client (affected versions not specified)

Description A vulnerability could allow an unauthenticated attacker on the network to create and sign their own JSON Web Token and use it to execute an HTTP API Method without the need for valid authentication/authorization. Under certain circumstances, this could be used by an attacker to impact system availability by conducting a Denial of Service attack.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Authentication

Improper Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287CWE-285

Related Identifiers

CVE-2020-9049

Affected Products

American Dynamics Victor Web Client

C•Cure Web Client

PT-2020-20462 · American Dynamics+1 · American Dynamics Victor Web Client+1

CVE-2020-9049

Weakness Enumeration

Related Identifiers

Affected Products

References · 7