Sectona Spectra before 3.4.0 has a vulnerable SOAP API endpoint that leaks sensitive information about the configured assets without proper authentication. This could be used by unauthorized parties to get configured login credentials of the assets via a modified pAccountID value. NOTE: The vendor has indicated this is not a vulnerability and states "This vulnerability occurred due to wrong configuration of system.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-10-28T17:37:16
Updated: 2024-08-04T15:49:06.455Z
Reserved: 2020-09-24T00:00:00
Link: CVE-2020-25966
Vulnrichment
Updated: 2024-08-04T15:49:06.455Z
NVD
Status : Modified
Published: 2020-10-28T18:15:13.413
Modified: 2024-11-21T05:19:01.203
Link: CVE-2020-25966
Redhat
No data.