HIGH🇵🇱 Wersja polska

CVE-2020-7591

CVSS 8.8v3.1pub. 2020-10-15upd. 2024-11-21

A vulnerability has been identified in SIPORT MP (All versions < 3.2.1). Vulnerable versions of the device could allow an authenticated attacker to impersonate other users of the system and perform (potentially administrative) actions on behalf of those users if the single sign-on feature ("Allow logon without password") is enabled.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Siemens Siport Mp

    APP
    Siemens
    < 3.2.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2019-19277MEDIUM6.5ten sam produkt

A vulnerability has been identified in SIPORT MP (All versions < 3.1.4). Vulnerable versions of the device all...

CVE-2026-0300CRITICAL9.3⚠ KEVPL ✓ten sam vendor

Buffer overflow RCE z uprawnieniami root w PAN-OS Captive Portal

CVE-2026-24858CRITICAL9.8⚠ KEVPL ✓ten sam vendor

Fortinet – Auth Bypass przez FortiCloud SSO w wielu produktach

CVE-2025-59718CRITICAL9.8⚠ KEVPL ✓ten sam vendor

Fortinet FortiOS/FortiProxy/FortiSwitchManager — Auth Bypass przez SAML

CVE-2022-22965CRITICAL9.8⚠ KEVten sam vendor

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) ...