Lucene search

[email protected]CVE-2020-21990

HistoryApr 29, 2021 - 2:15 p.m.

CVE-2020-21990

2021-04-2914:15:00

CWE-863

[email protected]

web.nvd.nist.gov

cve-2020-21990

mdah

domoticz iss gateway

api

information disclosure

vulnerability

access control enforcement

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.023 Low

EPSS

Percentile

89.5%

JSON

Emmanuel MyDomoAtHome (MDAH) REST API REST API Domoticz ISS Gateway 0.2.40 is affected by an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this, via a specially crafted request to gain access to sensitive information.

CPENameOperatorVersion
domoticz:mydomoathomedomoticz mydomoathomeeq0.240

CPE	Name	Operator	Version
domoticz:mydomoathome	domoticz mydomoathome	eq	0.240

References

www.exploit-db.com/exploits/47824

www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5555.php

Social References

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.023 Low

EPSS

Percentile

89.5%

JSON

Related for CVE-2020-21990

zeroscience1 prion1