Strix
26.1K

CVE-2020-27157

HIGHCVSS 8.1/10EPSS 0.97%

Last modified

CVE-2020-27157 is a high-severity vulnerability rated 8.1/10 on the CVSS scale. Veritas APTARE versions prior to 10.5 included code that bypassed the normal login process when specific authentication credentials were provided to the server. An unauthenticated user could login to the application and gain access to the data and functionality accessible to the targeted user account.. EPSS estimates a 0.97% chance of exploitation in the next 30 days.

Description

Veritas APTARE versions prior to 10.5 included code that bypassed the normal login process when specific authentication credentials were provided to the server. An unauthenticated user could login to the application and gain access to the data and functionality accessible to the targeted user account.

Metrics

CVSS 3.1
8.1/10

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
0.97%

57.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
VeritasAptare< 10.5

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2020-27157?
Veritas APTARE versions prior to 10.5 included code that bypassed the normal login process when specific authentication credentials were provided to the server. An unauthenticated user could login to the application and gain access to the data and functionality accessible to the targeted user account.
How severe is CVE-2020-27157?
CVE-2020-27157 has a CVSS score of 8.1/10 (HIGH severity). The EPSS model estimates a 0.97% probability of exploitation in the next 30 days.
How do I fix CVE-2020-27157?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-27157?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST