CVE-2020-9449
Last modified
CVE-2020-9449 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. An insecure random number generation vulnerability in BlaB! AX, BlaB! AX Pro, BlaB! WS (client), and BlaB! WS Pro (client) version 19.11 allows an attacker (with a guest or user session cookie) to escalate privileges by retrieving the cookie salt value and creating a valid session cookie for an arbitrary user or admin.. EPSS estimates a 1.04% chance of exploitation in the next 30 days.
Description
An insecure random number generation vulnerability in BlaB! AX, BlaB! AX Pro, BlaB! WS (client), and BlaB! WS Pro (client) version 19.11 allows an attacker (with a guest or user session cookie) to escalate privileges by retrieving the cookie salt value and creating a valid session cookie for an arbitrary user or admin.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Justblab | Blab\! Ax | 19.11 |
| Justblab | Blab\! Ax Pro | 19.11 |
| Justblab | Blab\! Ws | 19.11 |
| Justblab | Blab\! Ws Pro | 19.11 |
References
- https://justblab.com/latest-newsVendor Advisory
- https://justblab.com/latest-newsVendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-9449?
How severe is CVE-2020-9449?
How do I fix CVE-2020-9449?
Are you affected by CVE-2020-9449?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST