CVE-2020-12146
6.6
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can access, modify, and delete restricted files on the Orchestrator server using the/debugFiles REST API.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Silver Peak Systems, Inc. | Unity Orchestrator | All versions affected prior to Silver Peak Unity Orchestrator 8.9.11+ | affected |
| Silver Peak Systems, Inc. | Unity Orchestrator | 8.10.11+ | affected |
| Silver Peak Systems, Inc. | Unity Orchestrator | or 9.0.1+. | affected |
Weaknesses
- CVE-2020-12147
- CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.