Lucene search

K
nvd[email protected]NVD:CVE-2020-15333
HistorySep 29, 2022 - 3:15 a.m.

CVE-2020-15333

2022-09-2903:15:13
CWE-89
web.nvd.nist.gov
zyxel cloudcnm
secumanager 3.1.0
secumanager 3.1.1
account discovery
mysql
vulnerability

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

46.4%

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows attackers to discover accounts via MySQL β€œselect * from Administrator_users” and β€œselect * from Users_users” requests.

Affected configurations

NVD
Node
zyxelcloudcnm_secumanagerMatch3.1.0
OR
zyxelcloudcnm_secumanagerMatch3.1.1

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

46.4%

Related for NVD:CVE-2020-15333