PT-2021-12819 · Iportalis · Iportalis Ics

Published: 2021-09-01 · Updated: 2021-09-09 · CVE-2020-9000

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: iPortalis iCS version 7.1.13.0
Description: An issue was discovered in iPortalis iCS where attackers can send a sequence of requests to rapidly cause .NET Input Validation errors. This increases the size of the log file on the remote server until memory is exhausted, consuming the maximum amount of resources and triggering a denial of service condition.
Recommendations: For iPortalis iCS version 7.1.13.0, consider implementing rate limiting on incoming requests to prevent rapid sequences of requests that could cause .NET Input Validation errors. Additionally, monitor log file sizes and implement log rotation to prevent memory exhaustion. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
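One way to act on the monitoring recommendation, as an added example that is not iPortalis or vendor code: a sliding-window check that flags clients producing bursts of validation errors and reports how many log bytes they generated. The log line layout, the `HttpRequestValidationException` marker, the thresholds and the sample lines are assumptions constructed for illustration; the advisory does not describe the product's log format.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log layout (not from the advisory): "<ISO timestamp> <client IP> <level> <message>"
LINE_RE = re.compile(r"^(\S+) (\S+) (\w+) (.*)$")
# Assumed marker for a .NET request-validation failure in the message text.
MARKER = "HttpRequestValidationException"

def find_bursts(lines, threshold=5, window=timedelta(seconds=10)):
    """Return {client: (first_alert_time, error_log_bytes)} for every client that
    logs at least `threshold` validation errors within `window`.
    Lines are expected in chronological order."""
    recent = defaultdict(deque)  # client -> error timestamps still inside the window
    logged = defaultdict(int)    # client -> bytes of validation-error lines written
    alerts = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or MARKER not in m.group(4):
            continue  # unparseable line or unrelated event
        ts, client = datetime.fromisoformat(m.group(1)), m.group(2)
        logged[client] += len(line.encode()) + 1  # +1 for the newline on disk
        q = recent[client]
        q.append(ts)
        while ts - q[0] > window:  # drop events that fell out of the window
            q.popleft()
        if len(q) >= threshold and client not in alerts:
            alerts[client] = ts
    return {c: (t, logged[c]) for c, t in alerts.items()}

# Constructed sample input: one noisy client, one client with isolated errors.
ERR = "ERROR System.Web.HttpRequestValidationException: dangerous Request.Form value"
SAMPLE_LOG = [f"2021-09-01T12:00:0{s} 203.0.113.7 {ERR}" for s in (0, 1, 1, 2, 2, 3)]
SAMPLE_LOG.insert(1, f"2021-09-01T12:00:00 198.51.100.4 {ERR}")
SAMPLE_LOG.insert(3, "2021-09-01T12:00:01 198.51.100.4 INFO Request completed")
SAMPLE_LOG.append(f"2021-09-01T12:01:00 198.51.100.4 {ERR}")

if __name__ == "__main__":
    for client, (when, size) in find_bursts(SAMPLE_LOG).items():
        print(f"{client}: burst detected at {when}, {size} bytes of error log")
```

The flagged clients are candidates for the rate limiting the recommendation describes, and the byte count shows how much each contributes to log growth.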

Resource Exhaustion


Weakness Enumeration

Related Identifiers: CVE-2020-9000

Affected Products: Iportalis Ics