Vulnerability Description
EIBIZ i-Media Server Digital Signage 3.8.0 contains an unauthenticated configuration disclosure vulnerability that allows remote attackers to access sensitive configuration files via direct object reference. Attackers can retrieve the SiteConfig.properties file through an HTTP GET request, exposing administrative credentials, database connection details, and system configuration information.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Eibiz | I-Media Server Digital Signage | 3.8.0 |
Related Weaknesses (CWE)
References
- http://www.eibiz.co.thBroken Link
- https://www.exploit-db.com/exploits/48764ExploitThird Party AdvisoryVDB Entry
- https://www.vulncheck.com/advisories/eibiz-i-media-server-digital-signage-unauthThird Party Advisory
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5583.phpExploitThird Party Advisory
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5583.phpExploitThird Party Advisory
FAQ
What is CVE-2020-36895?
CVE-2020-36895 is a vulnerability with a CVSS score of 7.5 (HIGH). EIBIZ i-Media Server Digital Signage 3.8.0 contains an unauthenticated configuration disclosure vulnerability that allows remote attackers to access sensitive configuration files via direct object ref...
How severe is CVE-2020-36895?
CVE-2020-36895 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-36895?
Check the references section above for vendor advisories and patch information. Affected products include: Eibiz I-Media Server Digital Signage.