Vulnerability Details : CVE-2020-8995
Programi Bilanc Build 007 Release 014 31.01.2020 supplies a .exe file containing several hardcoded credentials to different servers that allow remote attackers to gain access to the complete infrastructure including the website, update server, and external issue tracking tools.
Products affected by CVE-2020-8995
- cpe:2.3:a:bilanc:bilanc:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-8995
0.30%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 69 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-8995
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2020-8995
-
The product contains hard-coded credentials, such as a password or cryptographic key.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-8995
-
http://seclists.org/fulldisclosure/2020/Dec/38
Full Disclosure: Programi Bilanc - Build 007 Release 014 31.01.2020 - Broken encryption with guessable static encryption key [CVE-2020-8995]Mailing List;Third Party Advisory
-
https://packetstormsecurity.com/files/160626/Programi-Bilanc-Build-007-Release-014-31.01.2020-Hardcoded-Credentials.html
Programi Bilanc Build 007 Release 014 31.01.2020 Hardcoded Credentials ≈ Packet StormThird Party Advisory;VDB Entry
Jump to