CVE-2020-9449
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
42.8%
An insecure random number generation vulnerability in BlaB! AX, BlaB! AX Pro, BlaB! WS (client), and BlaB! WS Pro (client) version 19.11 allows an attacker (with a guest or user session cookie) to escalate privileges by retrieving the cookie salt value and creating a valid session cookie for an arbitrary user or admin.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| justblab | blab\!_ax | 19.11 | cpe:2.3:a:justblab:blab\!_ax:19.11:*:*:*:*:*:*:* |
| justblab | blab\!_ax_pro | 19.11 | cpe:2.3:a:justblab:blab\!_ax_pro:19.11:*:*:*:*:*:*:* |
| justblab | blab\!_ws | 19.11 | cpe:2.3:a:justblab:blab\!_ws:19.11:*:*:*:*:*:*:* |
| justblab | blab\!_ws_pro | 19.11 | cpe:2.3:a:justblab:blab\!_ws_pro:19.11:*:*:*:*:*:*:* |
References
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
42.8%