CRITICAL🇵🇱 Wersja polska

CVE-2020-9045

CVSS 9.9v3.1pub. 2020-05-21upd. 2024-11-21

During installation or upgrade to Software House C•CURE 9000 v2.70 and American Dynamics victor Video Management System v5.2, the credentials of the user used to perform the installation or upgrade are logged in a file. The install log file persists after the installation.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Johnsoncontrols C Cure 9000 Firmware

    OS
    Johnsoncontrols
    2.70
  • Tyco Victor Video Management System

    APP
    Tyco
    5.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2021-27660HIGH8.8ten sam produkt

An insecure client auto update feature in C-CURE 9000 can allow remote execution of lower privileged Windows p...

CVE-2021-36201MEDIUM4.3ten sam produkt

Under certain circumstances a CCURE Portal user could enumerate user accounts in CCURE 9000 version 2.90 and p...

CVE-2024-32758CRITICAL9.0PL ✓ten sam vendor

Niewystarczająca długość klucza kryptograficznego w komunikacji exacqVision

CVE-2023-4804CRITICAL10.0ten sam vendor

An unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed.

CVE-2023-2024CRITICAL10.0ten sam vendor

Improper authentication in OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 allow access ...