CVE-2020-12146

Summary

In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can access, modify, and delete restricted files on the Orchestrator server using the/debugFiles REST API.

Affected Software

VendorProductVersion RangeStatus
Silver Peak Systems, Inc.Unity OrchestratorAll versions affected prior to Silver Peak Unity Orchestrator 8.9.11+affected
Silver Peak Systems, Inc.Unity Orchestrator8.10.11+affected
Silver Peak Systems, Inc.Unity Orchestratoror 9.0.1+.affected

Weaknesses

  • CVE-2020-12147
  • CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADP Enrichment

CVE Program Container

Additional References

References