CVE-2020-27183 - OpenCVE

A RemoteFunctions endpoint with missing access control in konzept-ix publiXone before 2020.015 allows attackers to disclose sensitive user information, send arbitrary e-mails, escalate the privileges of arbitrary user accounts, and have unspecified other impact.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Konzept-ix	Publixone

Configuration 1 [-]

cpe:2.3:a:konzept-ix:publixone:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-publixone/
https://seclists.org/fulldisclosure/2020/Oct/28

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-10-27T04:21:42

Updated: 2024-08-04T16:11:35.993Z

Reserved: 2020-10-16T00:00:00

Link: CVE-2020-27183

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-10-27T05:15:13.130

Modified: 2021-07-21T11:39:23.747

Link: CVE-2020-27183

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "A RemoteFunctions endpoint with missing access control in konzept-ix publiXone before 2020.015 allows attackers to disclose sensitive user information, send arbitrary e-mails, escalate the privileges of arbitrary user accounts, and have unspecified other impact."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-10-27T04:21:42", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://seclists.org/fulldisclosure/2020/Oct/28"}, {"tags": ["x_refsource_MISC"], "url": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-publixone/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-27183", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A RemoteFunctions endpoint with missing access control in konzept-ix publiXone before 2020.015 allows attackers to disclose sensitive user information, send arbitrary e-mails, escalate the privileges of arbitrary user accounts, and have unspecified other impact."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://seclists.org/fulldisclosure/2020/Oct/28", "refsource": "MISC", "url": "https://seclists.org/fulldisclosure/2020/Oct/28"}, {"name": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-publixone/", "refsource": "MISC", "url": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-publixone/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T16:11:35.993Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://seclists.org/fulldisclosure/2020/Oct/28"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-publixone/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-27183", "datePublished": "2020-10-27T04:21:42", "dateReserved": "2020-10-16T00:00:00", "dateUpdated": "2024-08-04T16:11:35.993Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:konzept-ix:publixone:*:*:*:*:*:*:*:*", "matchCriteriaId": "047563F6-1A70-45C2-880C-1726E7DA0DF8", "versionEndExcluding": "2020.015", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A RemoteFunctions endpoint with missing access control in konzept-ix publiXone before 2020.015 allows attackers to disclose sensitive user information, send arbitrary e-mails, escalate the privileges of arbitrary user accounts, and have unspecified other impact."}, {"lang": "es", "value": "Un endpoint RemoteFunctions con una falta de control de acceso en konzept-ix publiXone versiones anteriores a 2020.015, permite a atacantes divulgar informaci\u00f3n confidencial del usuario, enviar correos electr\u00f3nicos arbitrarios, escalar los privilegios de cuentas de usuario arbitrarias y tener otro impacto no especificado"}], "id": "CVE-2020-27183", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-10-27T05:15:13.130", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-publixone/"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/fulldisclosure/2020/Oct/28"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}