Vulnerability Description
JamoDat TSMManager Collector version up to 6.5.0.21 is vulnerable to an Authorization Bypass because the Collector component is not properly validating an authenticated session with the Viewer. If the Viewer has been modified (binary patched) and the Bypass Login functionality is being used, an attacker can request every Collector's functionality as if they were a properly logged-in user: administrating connected instances, reviewing logs, editing configurations, accessing the instances' consoles, accessing hardware configurations, etc.Exploiting this vulnerability won't grant an attacker access nor control on remote ISP servers as no credentials is sent with the request.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tsmmanager | Tsmmanager | <= 6.5.0.21 |
References
- https://tsmmanager.comProduct
- https://voidsec.comThird Party Advisory
- https://voidsec.com/tivoli-madness/Third Party Advisory
- https://tsmmanager.comProduct
- https://voidsec.comThird Party Advisory
- https://voidsec.com/tivoli-madness/Third Party Advisory
FAQ
What is CVE-2020-28054?
CVE-2020-28054 is a vulnerability with a CVSS score of 7.5 (HIGH). JamoDat TSMManager Collector version up to 6.5.0.21 is vulnerable to an Authorization Bypass because the Collector component is not properly validating an authenticated session with the Viewer. If the...
How severe is CVE-2020-28054?
CVE-2020-28054 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-28054?
Check the references section above for vendor advisories and patch information. Affected products include: Tsmmanager Tsmmanager.