CVE-2020-13963

Name of the Vulnerable Software and Affected Versions SOPlanning versions prior to 1.47

Description The issue is related to incorrect access control due to public secret key information and its related authentication algorithm. Specifically, the key for the admin account is hardcoded in the installation code, and there is no key for the publicsp guest account.

Recommendations For versions prior to 1.47, update to version 1.47 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin account and publicsp guest account until the update is applied.