Vulnerability Details: CVE-2020-10552
An issue was discovered in Psyprax before 3.2.2. The Firebird database is accessible with the default user sysdba and password masterke after installation. This allows any user to access it and read and modify the contents, including passwords. Local database files can be accessed directly as well.
Exploit prediction scoring system (EPSS) score for CVE-2020-10552
Probability of exploitation activity in the next 30 days: 0.07%
Percentile, the proportion of vulnerabilities that are scored at or less: ~27%
CVSS scores for CVE-2020-10552
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:N | 8.0 | 4.9 | NIST |
8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 2.8 | 5.2 | NIST |
CWE ids for CVE-2020-10552
- The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure. Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-10552
- https://www.x41-dsec.de/lab/advisories/x41-2020-002-psyprax
  Advisory X41-2020-002: Multiple Vulnerabilities in Psyprax 3.1.2.2 | X41 D-SEC GmbH (Third Party Advisory)
Products affected by CVE-2020-10552
- cpe:2.3:a:psyprax:psyprax:*:*:*:*:*:*:*:*