CVE-2020-28054 - OpenCVE

JamoDat TSMManager Collector version up to 6.5.0.21 is vulnerable to an Authorization Bypass because the Collector component is not properly validating an authenticated session with the Viewer. If the Viewer has been modified (binary patched) and the Bypass Login functionality is being used, an attacker can request every Collector's functionality as if they were a properly logged-in user: administrating connected instances, reviewing logs, editing configurations, accessing the instances' consoles, accessing hardware configurations, etc.Exploiting this vulnerability won't grant an attacker access nor control on remote ISP servers as no credentials is sent with the request.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Tsmmanager	Tsmmanager

Configuration 1 [-]

cpe:2.3:a:tsmmanager:tsmmanager:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://tsmmanager.com
https://voidsec.com
https://voidsec.com/tivoli-madness/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-11-19T15:15:55

Updated: 2024-08-04T16:33:56.916Z

Reserved: 2020-11-02T00:00:00

Link: CVE-2020-28054

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-11-19T16:15:10.907

Modified: 2021-07-21T11:39:23.747

Link: CVE-2020-28054

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "JamoDat TSMManager Collector version up to 6.5.0.21 is vulnerable to an Authorization Bypass because the Collector component is not properly validating an authenticated session with the Viewer. If the Viewer has been modified (binary patched) and the Bypass Login functionality is being used, an attacker can request every Collector's functionality as if they were a properly logged-in user: administrating connected instances, reviewing logs, editing configurations, accessing the instances' consoles, accessing hardware configurations, etc.Exploiting this vulnerability won't grant an attacker access nor control on remote ISP servers as no credentials is sent with the request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-11-19T15:15:55", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://voidsec.com"}, {"tags": ["x_refsource_MISC"], "url": "https://tsmmanager.com"}, {"tags": ["x_refsource_MISC"], "url": "https://voidsec.com/tivoli-madness/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-28054", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "JamoDat TSMManager Collector version up to 6.5.0.21 is vulnerable to an Authorization Bypass because the Collector component is not properly validating an authenticated session with the Viewer. If the Viewer has been modified (binary patched) and the Bypass Login functionality is being used, an attacker can request every Collector's functionality as if they were a properly logged-in user: administrating connected instances, reviewing logs, editing configurations, accessing the instances' consoles, accessing hardware configurations, etc.Exploiting this vulnerability won't grant an attacker access nor control on remote ISP servers as no credentials is sent with the request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://voidsec.com", "refsource": "MISC", "url": "https://voidsec.com"}, {"name": "https://tsmmanager.com", "refsource": "MISC", "url": "https://tsmmanager.com"}, {"name": "https://voidsec.com/tivoli-madness/", "refsource": "MISC", "url": "https://voidsec.com/tivoli-madness/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T16:33:56.916Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://voidsec.com"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://tsmmanager.com"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://voidsec.com/tivoli-madness/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-28054", "datePublished": "2020-11-19T15:15:55", "dateReserved": "2020-11-02T00:00:00", "dateUpdated": "2024-08-04T16:33:56.916Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tsmmanager:tsmmanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "C49F1BFE-942F-481B-965B-5177F9131C28", "versionEndIncluding": "6.5.0.21", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "JamoDat TSMManager Collector version up to 6.5.0.21 is vulnerable to an Authorization Bypass because the Collector component is not properly validating an authenticated session with the Viewer. If the Viewer has been modified (binary patched) and the Bypass Login functionality is being used, an attacker can request every Collector's functionality as if they were a properly logged-in user: administrating connected instances, reviewing logs, editing configurations, accessing the instances' consoles, accessing hardware configurations, etc.Exploiting this vulnerability won't grant an attacker access nor control on remote ISP servers as no credentials is sent with the request."}, {"lang": "es", "value": "JamoDat TSMManager Collector versiones hasta 6.5.0.21, es vulnerable a una Omisi\u00f3n de Autorizaci\u00f3n porque el componente Collector no est\u00e1 comprobando apropiadamente una sesi\u00f3n autenticada con el Viewer. Si el Viewer ha sido modificado (parcheado binario) y est\u00e1 siendo usada la funcionalidad Bypass Login, un atacante puede pedir la funcionalidad de cada recopilador como si fuera un usuario que inici\u00f3 sesi\u00f3n apropiadamente: administrando instancias conectadas, revisando registros, editando configuraciones, accediendo a las instancias de unas consolas, accediendo a configuraciones de hardware, etc. La explotaci\u00f3n de esta vulnerabilidad no garantiza a un atacante acceso ni control en los servidores de ISP remotos, ya que las credenciales no son enviadas con la petici\u00f3n"}], "id": "CVE-2020-28054", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-11-19T16:15:10.907", "references": [{"source": "cve@mitre.org", "tags": ["Product"], "url": "https://tsmmanager.com"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://voidsec.com"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://voidsec.com/tivoli-madness/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}