AttackerKB, AKB:9BE8D185-6012-4272-89D3-9D68CEDA7450
Oct 20, 2020 - 12:00 a.m.

CVE-2020-24765

2020-10-20 00:00:00
attackerkb.com

intermind imind server, remote attack, self-diagnostic archive, security vulnerability, unauthorized access

EPSS: 0.024 (Percentile: 90.1%)

InterMind iMind Server through 3.13.65 allows remote unauthenticated attackers to read the self-diagnostic archive via a direct api/rs/monitoring/rs/api/system/dump-diagnostic-info?server=127.0.0.1 request.

Recent assessments:

trump88 at October 10, 2020 6:25am UTC reported:

Authentication Bypass Vulnerability in Mind Server version <= 3.13.65 allows any user to steal the self-diagnostic archive via a direct request <https://PWND.SITE/api/rs/monitoring/rs/api/system/dump-diagnostic-info?server=127.0.0.1>. The archive contains copies of the main configuration files and event logs of Mind Server portal. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks.

Origin: <https://github.com/trump88/CVE-2020-24765>

Assessed Attacker Value: 3
Assessed Attacker Value: 5
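
A defensive check for the request described above, as an added example that is not part of the AttackerKB entry or the reporter's repository: it scans web access logs for hits on the dump-diagnostic-info path and marks the ones that returned a body. The combined log format, the function names and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Endpoint path taken from the advisory text.
DUMP_PATH = "/api/rs/monitoring/rs/api/system/dump-diagnostic-info"

# Assumption: combined-log-format access lines (e.g. from a reverse proxy).
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def normalize_path(target):
    """Drop the query, decode percent-escapes, collapse '//' and lowercase.
    Lowercasing deliberately over-matches so case variants are not missed."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path).lower().rstrip("/")

def find_dump_requests(lines):
    """Return one record per request that targets the diagnostic dump endpoint."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not normalize_path(m["target"]).endswith(DUMP_PATH):
            continue
        status = int(m["status"])
        size = int(m["size"]) if m["size"].isdigit() else 0
        hits.append({
            "ip": m["ip"], "time": m["ts"], "status": status, "bytes": size,
            # A 2xx response with a body means the archive was probably handed out.
            "served": 200 <= status < 300 and size > 0,
        })
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2020:06:25:01 +0000] "GET /api/rs/monitoring/rs/api/'
    'system/dump-diagnostic-info?server=127.0.0.1 HTTP/1.1" 200 482113 "-" "curl/7.68.0"',
    '198.51.100.23 - - [10/Oct/2020:06:26:40 +0000] "GET /API/rs//monitoring/rs/api/'
    'system/dump%2Ddiagnostic-info?server=127.0.0.1 HTTP/1.1" 403 0 "-" "-"',
    '192.0.2.10 - alice [10/Oct/2020:06:27:02 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "-"',
    'not an access log line',
]

if __name__ == "__main__":
    for hit in find_dump_requests(SAMPLE_LOG):
        print(hit)
```

Any record with `served` set should be handled as disclosure of the configuration files and event logs the archive contains.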
