Vulnerability Description
Programi Bilanc Build 007 Release 014 31.01.2020 supplies a .exe file containing several hardcoded credentials to different servers that allow remote attackers to gain access to the complete infrastructure including the website, update server, and external issue tracking tools.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bilanc | Bilanc | <= 014_31.01.2020 |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2020/Dec/38Mailing ListThird Party Advisory
- https://packetstormsecurity.com/files/160626/Programi-Bilanc-Build-007-Release-0Third Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2020/Dec/38Mailing ListThird Party Advisory
- https://packetstormsecurity.com/files/160626/Programi-Bilanc-Build-007-Release-0Third Party AdvisoryVDB Entry
FAQ
What is CVE-2020-8995?
CVE-2020-8995 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Programi Bilanc Build 007 Release 014 31.01.2020 supplies a .exe file containing several hardcoded credentials to different servers that allow remote attackers to gain access to the complete infrastru...
How severe is CVE-2020-8995?
CVE-2020-8995 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-8995?
Check the references section above for vendor advisories and patch information. Affected products include: Bilanc Bilanc.