Sectona Spectra before 3.4.0 has a vulnerable SOAP API endpoint that leaks sensitive information about the configured assets without proper authentication. This could be used by unauthorized parties to get configured login credentials of the assets via a modified pAccountID value. NOTE: The vendor has indicated this is not a vulnerability and states "This vulnerability occurred due to wrong configuration of system.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-10-28T17:37:16

Updated: 2024-08-04T15:49:06.455Z

Reserved: 2020-09-24T00:00:00

Link: CVE-2020-25966

cve-icon Vulnrichment

Updated: 2024-08-04T15:49:06.455Z

cve-icon NVD

Status : Modified

Published: 2020-10-28T18:15:13.413

Modified: 2024-11-21T05:19:01.203

Link: CVE-2020-25966

cve-icon Redhat

No data.