PT-2021-11984 · Owncloud · Owncloud

Published

2021-02-19

Updated

2021-07-21

CVE-2020-36250

CVSS v3.1

6.1

Medium

Vector

AC:L/AV:P/A:N/C:H/I:H/PR:N/S:U/UI:N

Name of the Vulnerable Software and Affected Versions: ownCloud versions prior to 2.15 for Android

Description: The lock protection mechanism in the ownCloud application can be bypassed by moving the system date and time into the past. This allows an attacker to circumvent the security measures in place.

Recommendations: For ownCloud versions prior to 2.15 for Android, update to version 2.15 or later to resolve the issue. As a temporary workaround, consider restricting access to the application until the update can be applied.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2020-36250

Affected Products

Owncloud

PT-2021-11984 · Owncloud · Owncloud

CVE-2020-36250

Related Identifiers

Affected Products

References · 7