CVE-2020-25966

Published: Oct 28, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

Sectona Spectra before 3.4.0 has a vulnerable SOAP API endpoint that leaks sensitive information about the configured assets without proper authentication. This could be used by unauthorized parties to get configured login credentials of the assets via a modified pAccountID value. NOTE: The vendor has indicated this is not a vulnerability and states "This vulnerability occurred due to wrong configuration of system.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://sectona.com/products/spectra-privileged-access-management/

x_refsource_MISC

https://gitlab.com/Gazzaz/Spectra_API_Issue/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-25966

Description

Affected Products

References