CVE-2020-7000

Summary

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow an unauthenticated attacker to discover the cryptographic key from the web server and gain information about the login and the encryption/decryption mechanism, which may be exploited to bypass authentication of the HTML5 HMI web interface.

Affected Software

VendorProductVersion RangeStatus
VISAMVBASE Editor11.5.0.2affected
VISAMVBASE Web-Remote Moduleallaffected

Weaknesses

  • CWE-922: INSECURE STORAGE OF SENSITIVE INFORMATION CWE-922

ADP Enrichment

CVE Program Container

Additional References

References