CVE-2020-8497 : In Artica Pandora FMS through 7.42, an unauthenticated attacker can read the cha

In Artica Pandora FMS through 7.42, an unauthenticated attacker can read the chat history. The file is in JSON format and it contains user names, user IDs, private messages, and timestamps.

Published 2020-03-23 15:15:15

Updated 2021-07-21 11:39:24

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2020-8497

Artica » Pandora Fms
Versions up to, including, (<=) 7.42
cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2020-8497

EPSS FAQ

27.62%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 96 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-8497

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	3.9	1.4	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

CWE ids for CVE-2020-8497

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2020-8497

https://k4m1ll0.com/cve-2020-8497.html

CVE-2020-8497
Exploit;Third Party Advisory

Jump to

Vulnerability Details : CVE-2020-8497

Products affected by CVE-2020-8497

Exploit prediction scoring system (EPSS) score for CVE-2020-8497

CVSS scores for CVE-2020-8497

CWE ids for CVE-2020-8497

References for CVE-2020-8497