Vulnerability Details CVE-2020-15851
Lack of access control in Nakivo Backup & Replication Transporter version 9.4.0.r43656 allows remote users to access unencrypted backup repositories and the Nakivo Controller configuration via a network accessible transporter service. It is also possible to create or delete backup repositories.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 76.6%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://helpcenter.nakivo.com/display/RN/v10.3+Release+Notes
- https://labs.f-secure.com/advisories/nakivo-backup-and-replication-multiple-vulnerabilities
- https://helpcenter.nakivo.com/display/RN/v10.3+Release+Notes
- https://labs.f-secure.com/advisories/nakivo-backup-and-replication-multiple-vulnerabilities
Products affected by CVE-2020-15851
-
cpe:2.3:a:nakivo:backup_&_replication_transporter:9.4.0.r43656