HIGH🇵🇱 Wersja polska

CVE-2020-16244

CVSS 7.2v3.1pub. 2020-09-23upd. 2024-11-21

GE Digital APM Classic, Versions 4.4 and prior. Salt is not used for hash calculation of passwords, making it possible to decrypt passwords. This design flaw, along with the IDOR vulnerability, puts the entire platform at high risk because an authenticated user can retrieve all user account data and then retrieve the actual passwords.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Ge Asset Performance Management Classic

    APP
    Ge
    ≤ 4.4
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
IDOR
CWE
References

Related vulnerabilities

CVE-2020-16240MEDIUM5.3ten sam produkt

GE Digital APM Classic, Versions 4.4 and prior. An insecure direct object reference (IDOR) vulnerability allow...

CVE-2023-5908CRITICAL9.1PL ✓ten sam vendor

Buffer overflow w KEPServerEX umożliwiający crash lub wyciek danych

CVE-2022-2848CRITICAL9.1ten sam vendor

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPS...

CVE-2022-2825CRITICAL9.8ten sam vendor

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPS...

CVE-2023-0754CRITICAL9.8ten sam vendor

The affected products are vulnerable to an integer overflow or wraparound, which could  allow an attacker to ...