Vulnerability Description
Sectona Spectra before 3.4.0 has a vulnerable SOAP API endpoint that leaks sensitive information about the configured assets without proper authentication. This could be used by unauthorized parties to get configured login credentials of the assets via a modified pAccountID value. NOTE: The vendor has indicated this is not a vulnerability and states "This vulnerability occurred due to wrong configuration of system.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sectona | Spectra | < 3.4.0 |
Related Weaknesses (CWE)
References
- https://gitlab.com/Gazzaz/Spectra_API_Issue/ExploitThird Party Advisory
- https://sectona.com/products/spectra-privileged-access-management/Product
- https://gitlab.com/Gazzaz/Spectra_API_Issue/ExploitThird Party Advisory
- https://sectona.com/products/spectra-privileged-access-management/Product
FAQ
What is CVE-2020-25966?
CVE-2020-25966 is a vulnerability with a CVSS score of 7.5 (HIGH). Sectona Spectra before 3.4.0 has a vulnerable SOAP API endpoint that leaks sensitive information about the configured assets without proper authentication. This could be used by unauthorized parties t...
How severe is CVE-2020-25966?
CVE-2020-25966 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-25966?
Check the references section above for vendor advisories and patch information. Affected products include: Sectona Spectra.