CVE-2020-25966

Sectona Spectra before 3.4.0 has a vulnerable SOAP API endpoint that leaks sensitive information about the configured assets without proper authentication. This could be used by unauthorized parties to get configured login credentials of the assets via a modified pAccountID value. NOTE: The vendor has indicated this is not a vulnerability and states "This vulnerability occurred due to wrong configuration of system.
Configurations

Configuration 1 (hide)

cpe:2.3:a:sectona:spectra:*:*:*:*:*:*:*:*

History

07 Nov 2023, 03:20

Type Values Removed Values Added
Summary ** DISPUTED ** Sectona Spectra before 3.4.0 has a vulnerable SOAP API endpoint that leaks sensitive information about the configured assets without proper authentication. This could be used by unauthorized parties to get configured login credentials of the assets via a modified pAccountID value. NOTE: The vendor has indicated this is not a vulnerability and states "This vulnerability occurred due to wrong configuration of system." Sectona Spectra before 3.4.0 has a vulnerable SOAP API endpoint that leaks sensitive information about the configured assets without proper authentication. This could be used by unauthorized parties to get configured login credentials of the assets via a modified pAccountID value. NOTE: The vendor has indicated this is not a vulnerability and states "This vulnerability occurred due to wrong configuration of system.

26 Apr 2022, 16:31

Type Values Removed Values Added
CWE CWE-922 CWE-306

Information

Published : 2020-10-28 18:15

Updated : 2024-06-11 16:15


NVD link : CVE-2020-25966

Mitre link : CVE-2020-25966

CVE.ORG link : CVE-2020-25966


JSON object : View

Products Affected

sectona

  • spectra
CWE
CWE-306

Missing Authentication for Critical Function