CVE-2020-35205
CRITICAL 9.8
Description
Server Side Request Forgery (SSRF) in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to scan internal ports and make outbound connections via the initFile.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE Details
CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 1/11/2021
Last modified: 11/21/2024
Source: nvd
Honeypot observations: 0
Affected products
quest:policy_authority_for_unified_communications
Weaknesses (CWE)
CWE-918
References
https://clandestinelabs.io/security-advisories/advisory-multiple-vulnerabilities-in-quest-policy-authority-for-unified-communications (cve@mitre.org)
https://un4gi.io/blog/multiple-vulnerabilities-in-quest-policy-authority-for-unified-communications (cve@mitre.org)
https://clandestinelabs.io/security-advisories/advisory-multiple-vulnerabilities-in-quest-policy-authority-for-unified-communications (af854a3a-2127-422b-91ae-364da2661108)
https://un4gi.io/blog/multiple-vulnerabilities-in-quest-policy-authority-for-unified-communications (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.