
exploitDog


CVE-2020-12145

Published: 05 Nov 2020
Source: nvd
CVSS3: 6.6
CVSS3: 9.8
CVSS2: 7.5
EPSS Medium

Description

Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+ use HTTP headers to authenticate REST API calls from localhost. This makes it possible to log in to Orchestrator by introducing an HTTP Host header set to 127.0.0.1 or localhost. Orchestrator instances that are hosted by customers, on-premise or in a public cloud provider, are affected by this vulnerability.

Vulnerable configurations

Configuration 1

Any of

cpe:2.3:a:silver-peak:unity_orchestrator:*:*:*:*:*:*:*:*
Versions before 8.9.11+ (exclusive)
cpe:2.3:a:silver-peak:unity_orchestrator:*:*:*:*:*:*:*:*
Versions from 8.10 (inclusive) to 8.10.11+ (exclusive)
cpe:2.3:a:silver-peak:unity_orchestrator:*:*:*:*:*:*:*:*
Versions from 9.0 (inclusive) to 9.0.1+ (exclusive)

EPSS

Percentile: 98%
0.5904
Medium

6.6 Medium

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Weaknesses

CWE-287

Related vulnerabilities

github
more than 3 years ago

Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+ use HTTP headers to authenticate REST API calls from localhost. This makes it possible to log in to Orchestrator by introducing an HTTP Host header set to 127.0.0.1 or localhost. Orchestrator instances that are hosted by customers, on-premise or in a public cloud provider, are affected by this vulnerability.
