PT-2020-20585 · Aquaforest · Aquaforest Tiff Server
Published: 2020-03-18 · Updated: 2021-07-21 · CVE-2020-9325
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Aquaforest TIFF Server version 4.0
Description
The issue allows unauthenticated arbitrary file download: a remote attacker can download files from the server without authenticating.
Recommendations
For Aquaforest TIFF Server version 4.0, update to a newer version that contains a fix for this issue. If no specific fix is provided for version 4.0, consider restricting access to sensitive files and directories to minimize the risk of exploitation.
Exploit
Fix
Missing Authentication
Path traversal
Affected Products
Aquaforest Tiff Server