7 matches found
CVE-2020-25966
Sectona Spectra before 3.4.0 has a vulnerable SOAP API endpoint that leaks sensitive information about the configured assets without proper authentication. This could be used by unauthorized parties to get configured login credentials of the assets via a modified pAccountID value. NOTE: The vendo...
Sectona Spectra Information Disclosure Vulnerability
Sectona Spectra is a privilege management system for enterprise device access from US-based sectona. The platform supports the consolidation of accounts in the cloud with local accounts to centralize enterprise device management and improve access security. An information disclosure vulnerability...
CVE-2020-25966
Sectona Spectra before 3.4.0 has a vulnerable SOAP API endpoint that leaks sensitive information about the configured assets without proper authentication. This could be used by unauthorized parties to get configured login credentials of the assets via a modified pAccountID value. NOTE: The vendo...
Security feature bypass
Sectona Spectra before 3.4.0 has a vulnerable SOAP API endpoint that leaks sensitive information about the configured assets without proper authentication. This could be used by unauthorized parties to get configured login credentials of the assets via a modified pAccountID value. NOTE: The vendo...
CVE-2020-25966
Sectona Spectra before 3.4.0 has a vulnerable SOAP API endpoint that leaks sensitive information about the configured assets without proper authentication. This could be used by unauthorized parties to get configured login credentials of the assets via a modified pAccountID value. NOTE: The vendo...
CVE-2020-25966
Sectona Spectra before 3.4.0 has a vulnerable SOAP API endpoint that leaks sensitive information about the configured assets without proper authentication. This could be used by unauthorized parties to get configured login credentials of the assets via a modified pAccountID value. NOTE: The vendo...
CVE-2020-25966
Sectona Spectra (before 3.4.0) exposes a vulnerable SOAP API endpoint that can disclose sensitive information about provisioned assets, including login credentials, without proper authentication by manipulating the pAccountID value. This has been reported across multiple sources (Red Hat, CNVD, C...