CVE-2020-28054 - Vulnerability Details - OpenCVE

JamoDat TSMManager Collector version up to 6.5.0.21 is vulnerable to an Authorization Bypass because the Collector component is not properly validating an authenticated session with the Viewer. If the Viewer has been modified (binary patched) and the Bypass Login functionality is being used, an attacker can request every Collector's functionality as if they were a properly logged-in user: administrating connected instances, reviewing logs, editing configurations, accessing the instances' consoles, accessing hardware configurations, etc.Exploiting this vulnerability won't grant an attacker access nor control on remote ISP servers as no credentials is sent with the request.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.01163.

Key SSVC decision points have not yet been added.

Vendors	Products
Tsmmanager	Tsmmanager

Configuration 1 [-]

cpe:2.3:a:tsmmanager:tsmmanager:*:*:*:*:*:*:*:*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://tsmmanager.com
https://voidsec.com
https://voidsec.com/tivoli-madness/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-11-19T15:15:55

Updated: 2024-08-04T16:33:56.916Z

Reserved: 2020-11-02T00:00:00

Link: CVE-2020-28054

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-11-19T16:15:10.907

Modified: 2024-11-21T05:22:17.583

Link: CVE-2020-28054

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "JamoDat TSMManager Collector version up to 6.5.0.21 is vulnerable to an Authorization Bypass because the Collector component is not properly validating an authenticated session with the Viewer. If the Viewer has been modified (binary patched) and the Bypass Login functionality is being used, an attacker can request every Collector's functionality as if they were a properly logged-in user: administrating connected instances, reviewing logs, editing configurations, accessing the instances' consoles, accessing hardware configurations, etc.Exploiting this vulnerability won't grant an attacker access nor control on remote ISP servers as no credentials is sent with the request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-11-19T15:15:55", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://voidsec.com"}, {"tags": ["x_refsource_MISC"], "url": "https://tsmmanager.com"}, {"tags": ["x_refsource_MISC"], "url": "https://voidsec.com/tivoli-madness/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-28054", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "JamoDat TSMManager Collector version up to 6.5.0.21 is vulnerable to an Authorization Bypass because the Collector component is not properly validating an authenticated session with the Viewer. If the Viewer has been modified (binary patched) and the Bypass Login functionality is being used, an attacker can request every Collector's functionality as if they were a properly logged-in user: administrating connected instances, reviewing logs, editing configurations, accessing the instances' consoles, accessing hardware configurations, etc.Exploiting this vulnerability won't grant an attacker access nor control on remote ISP servers as no credentials is sent with the request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://voidsec.com", "refsource": "MISC", "url": "https://voidsec.com"}, {"name": "https://tsmmanager.com", "refsource": "MISC", "url": "https://tsmmanager.com"}, {"name": "https://voidsec.com/tivoli-madness/", "refsource": "MISC", "url": "https://voidsec.com/tivoli-madness/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T16:33:56.916Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://voidsec.com"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://tsmmanager.com"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://voidsec.com/tivoli-madness/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-28054", "datePublished": "2020-11-19T15:15:55", "dateReserved": "2020-11-02T00:00:00", "dateUpdated": "2024-08-04T16:33:56.916Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tsmmanager:tsmmanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "C49F1BFE-942F-481B-965B-5177F9131C28", "versionEndIncluding": "6.5.0.21", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "JamoDat TSMManager Collector version up to 6.5.0.21 is vulnerable to an Authorization Bypass because the Collector component is not properly validating an authenticated session with the Viewer. If the Viewer has been modified (binary patched) and the Bypass Login functionality is being used, an attacker can request every Collector's functionality as if they were a properly logged-in user: administrating connected instances, reviewing logs, editing configurations, accessing the instances' consoles, accessing hardware configurations, etc.Exploiting this vulnerability won't grant an attacker access nor control on remote ISP servers as no credentials is sent with the request."}, {"lang": "es", "value": "JamoDat TSMManager Collector versiones hasta 6.5.0.21, es vulnerable a una Omisi\u00f3n de Autorizaci\u00f3n porque el componente Collector no est\u00e1 comprobando apropiadamente una sesi\u00f3n autenticada con el Viewer. Si el Viewer ha sido modificado (parcheado binario) y est\u00e1 siendo usada la funcionalidad Bypass Login, un atacante puede pedir la funcionalidad de cada recopilador como si fuera un usuario que inici\u00f3 sesi\u00f3n apropiadamente: administrando instancias conectadas, revisando registros, editando configuraciones, accediendo a las instancias de unas consolas, accediendo a configuraciones de hardware, etc. La explotaci\u00f3n de esta vulnerabilidad no garantiza a un atacante acceso ni control en los servidores de ISP remotos, ya que las credenciales no son enviadas con la petici\u00f3n"}], "id": "CVE-2020-28054", "lastModified": "2024-11-21T05:22:17.583", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-11-19T16:15:10.907", "references": [{"source": "cve@mitre.org", "tags": ["Product"], "url": "https://tsmmanager.com"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://voidsec.com"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://voidsec.com/tivoli-madness/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://tsmmanager.com"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://voidsec.com"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://voidsec.com/tivoli-madness/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}