CVE-2020-13963

{"id": "CVE-2020-13963", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2021-03-21T21:15:12.530", "references": [{"url": "https://cwe.mitre.org/data/definitions/321.html", "tags": ["Technical Description"], "source": "cve@mitre.org"}, {"url": "https://forum.soplanning.org/viewforum.php?f=8", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://labs.integrity.pt/advisories/cve-2020-13963/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "SOPlanning before 1.47 has Incorrect Access Control because certain secret key information, and the related authentication algorithm, is public. The key for admin is hardcoded in the installation code, and there is no key for publicsp (which is a guest account)."}, {"lang": "es", "value": "SOPlanning versiones anteriores a 1.47, presenta un Control de Acceso Incorrecto porque determinada informaci\u00f3n de clave secreta y el algoritmo de autenticaci\u00f3n relacionado es p\u00fablico. La clave de administrador est\u00e1 embebida en el c\u00f3digo de instalaci\u00f3n y no existe clave para publicsp (que es una cuenta de invitado)"}], "lastModified": "2022-11-05T02:04:33.607", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:soplanning:soplanning:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C314621-724F-435A-8B74-3C7CD3A4CAB6", "versionEndExcluding": "1.47", "versionStartIncluding": "1.45"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}