CRITICAL🇬🇧 English

CVE-2020-9045

CVSS 9.9v3.1pub. 2020-05-21upd. 2024-11-21

During installation or upgrade to Software House C•CURE 9000 v2.70 and American Dynamics victor Video Management System v5.2, the credentials of the user used to perform the installation or upgrade are logged in a file. The install log file persists after the installation.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Johnsoncontrols C Cure 9000 Firmware

    OS
    Johnsoncontrols
    2.70
  • Tyco Victor Video Management System

    APP
    Tyco
    5.2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2021-27660HIGH8.8ten sam produkt

An insecure client auto update feature in C-CURE 9000 can allow remote execution of lower privileged Windows p...

CVE-2021-36201MEDIUM4.3ten sam produkt

Under certain circumstances a CCURE Portal user could enumerate user accounts in CCURE 9000 version 2.90 and p...

CVE-2024-32758CRITICAL9.0PL ✓ten sam vendor

Niewystarczająca długość klucza kryptograficznego w komunikacji exacqVision

CVE-2023-4804CRITICAL10.0ten sam vendor

An unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed.

CVE-2023-2024CRITICAL10.0ten sam vendor

Improper authentication in OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 allow access ...