Vulnerability Details CVE-2020-26118
In SmartBear Collaborator Server through 13.3.13302, use of the Google Web Toolkit (GWT) API introduces a post-authentication Java deserialization vulnerability. The application's UpdateMemento class accepts a serialized Java object directly from the user without properly sanitizing it. A malicious object can be submitted to the server via an authenticated attacker to execute commands on the underlying system.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.02
EPSS Ranking 82.6%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
References
- https://support.smartbear.com/collaborator/docs/general-info/version-history/ver-13/ver-13-0.html
- https://support.smartbear.com/collaborator/docs/general-info/whats-new.html
- https://support.smartbear.com/collaborator/docs/server/index.html
- https://support.smartbear.com/collaborator/docs/general-info/version-history/ver-13/ver-13-0.html
- https://support.smartbear.com/collaborator/docs/general-info/whats-new.html
- https://support.smartbear.com/collaborator/docs/server/index.html
Products affected by CVE-2020-26118
-
cpe:2.3:a:smartbear:collaborator:-
-
cpe:2.3:a:smartbear:collaborator:1.0.345
-
cpe:2.3:a:smartbear:collaborator:1.0.346
-
cpe:2.3:a:smartbear:collaborator:1.0.347
-
cpe:2.3:a:smartbear:collaborator:1.0.349
-
cpe:2.3:a:smartbear:collaborator:1.0.351
-
cpe:2.3:a:smartbear:collaborator:1.0.352
-
cpe:2.3:a:smartbear:collaborator:1.0.353
-
cpe:2.3:a:smartbear:collaborator:1.0.354
-
cpe:2.3:a:smartbear:collaborator:1.0.355
-
cpe:2.3:a:smartbear:collaborator:1.0.356
-
cpe:2.3:a:smartbear:collaborator:1.0.357
-
cpe:2.3:a:smartbear:collaborator:1.0.358
-
cpe:2.3:a:smartbear:collaborator:1.0.359
-
cpe:2.3:a:smartbear:collaborator:1.0.360
-
cpe:2.3:a:smartbear:collaborator:1.0.361
-
cpe:2.3:a:smartbear:collaborator:1.0.400
-
cpe:2.3:a:smartbear:collaborator:1.0.402
-
cpe:2.3:a:smartbear:collaborator:1.0.406
-
cpe:2.3:a:smartbear:collaborator:1.0.407
-
cpe:2.3:a:smartbear:collaborator:1.0.408
-
cpe:2.3:a:smartbear:collaborator:1.0.409
-
cpe:2.3:a:smartbear:collaborator:1.0.410
-
cpe:2.3:a:smartbear:collaborator:1.1.421
-
cpe:2.3:a:smartbear:collaborator:1.1.422
-
cpe:2.3:a:smartbear:collaborator:1.1.423
-
cpe:2.3:a:smartbear:collaborator:1.1.424
-
cpe:2.3:a:smartbear:collaborator:1.1.425
-
cpe:2.3:a:smartbear:collaborator:1.1.426
-
cpe:2.3:a:smartbear:collaborator:1.1.427
-
cpe:2.3:a:smartbear:collaborator:1.1.428
-
cpe:2.3:a:smartbear:collaborator:1.1.429
-
cpe:2.3:a:smartbear:collaborator:1.1.433
-
cpe:2.3:a:smartbear:collaborator:1.1.435
-
cpe:2.3:a:smartbear:collaborator:1.1.436
-
cpe:2.3:a:smartbear:collaborator:1.1.442
-
cpe:2.3:a:smartbear:collaborator:1.2.500
-
cpe:2.3:a:smartbear:collaborator:1.2.501
-
cpe:2.3:a:smartbear:collaborator:1.2.502
-
cpe:2.3:a:smartbear:collaborator:1.2.503
-
cpe:2.3:a:smartbear:collaborator:1.2.504
-
cpe:2.3:a:smartbear:collaborator:1.2.505
-
cpe:2.3:a:smartbear:collaborator:1.2.506
-
cpe:2.3:a:smartbear:collaborator:1.2.507
-
cpe:2.3:a:smartbear:collaborator:1.2.508
-
cpe:2.3:a:smartbear:collaborator:1.2.512
-
cpe:2.3:a:smartbear:collaborator:1.2.515
-
cpe:2.3:a:smartbear:collaborator:1.2.516
-
cpe:2.3:a:smartbear:collaborator:10.0.10000
-
cpe:2.3:a:smartbear:collaborator:10.0.10001
-
cpe:2.3:a:smartbear:collaborator:10.1.10100
-
cpe:2.3:a:smartbear:collaborator:10.1.10101
-
cpe:2.3:a:smartbear:collaborator:10.2.10200
-
cpe:2.3:a:smartbear:collaborator:11.0.11000
-
cpe:2.3:a:smartbear:collaborator:11.1.11100
-
cpe:2.3:a:smartbear:collaborator:11.1.11101
-
cpe:2.3:a:smartbear:collaborator:11.1.11103
-
cpe:2.3:a:smartbear:collaborator:11.2.11200
-
cpe:2.3:a:smartbear:collaborator:11.2.11201
-
cpe:2.3:a:smartbear:collaborator:11.3.11300
-
cpe:2.3:a:smartbear:collaborator:11.3.11301
-
cpe:2.3:a:smartbear:collaborator:11.3.11302
-
cpe:2.3:a:smartbear:collaborator:11.4.11400
-
cpe:2.3:a:smartbear:collaborator:11.4.11401
-
cpe:2.3:a:smartbear:collaborator:11.4.11402
-
cpe:2.3:a:smartbear:collaborator:11.4.11403
-
cpe:2.3:a:smartbear:collaborator:11.4.11404
-
cpe:2.3:a:smartbear:collaborator:11.4.11405
-
cpe:2.3:a:smartbear:collaborator:11.5.11500
-
cpe:2.3:a:smartbear:collaborator:11.5.11501
-
cpe:2.3:a:smartbear:collaborator:11.5.11502
-
cpe:2.3:a:smartbear:collaborator:11.5.11503
-
cpe:2.3:a:smartbear:collaborator:11.5.11504
-
cpe:2.3:a:smartbear:collaborator:11.5.11505
-
cpe:2.3:a:smartbear:collaborator:11.5.11506
-
cpe:2.3:a:smartbear:collaborator:11.5.11507
-
cpe:2.3:a:smartbear:collaborator:11.5.11508
-
cpe:2.3:a:smartbear:collaborator:11.5.11509
-
cpe:2.3:a:smartbear:collaborator:11.5.11510
-
cpe:2.3:a:smartbear:collaborator:11.5.11511
-
cpe:2.3:a:smartbear:collaborator:12.0.12000
-
cpe:2.3:a:smartbear:collaborator:12.1.12100
-
cpe:2.3:a:smartbear:collaborator:12.1.12101
-
cpe:2.3:a:smartbear:collaborator:12.2.12200
-
cpe:2.3:a:smartbear:collaborator:12.2.12201
-
cpe:2.3:a:smartbear:collaborator:12.2.12202
-
cpe:2.3:a:smartbear:collaborator:12.2.12203
-
cpe:2.3:a:smartbear:collaborator:12.2.12204
-
cpe:2.3:a:smartbear:collaborator:12.2.12205
-
cpe:2.3:a:smartbear:collaborator:12.2.12206
-
cpe:2.3:a:smartbear:collaborator:12.2.12207
-
cpe:2.3:a:smartbear:collaborator:12.3.12300
-
cpe:2.3:a:smartbear:collaborator:12.3.12301
-
cpe:2.3:a:smartbear:collaborator:12.3.12302
-
cpe:2.3:a:smartbear:collaborator:12.3.12303
-
cpe:2.3:a:smartbear:collaborator:12.3.12304
-
cpe:2.3:a:smartbear:collaborator:12.3.12305
-
cpe:2.3:a:smartbear:collaborator:12.3.12306
-
cpe:2.3:a:smartbear:collaborator:12.4.12400
-
cpe:2.3:a:smartbear:collaborator:12.4.12401
-
cpe:2.3:a:smartbear:collaborator:12.4.12402
-
cpe:2.3:a:smartbear:collaborator:12.4.12403
-
cpe:2.3:a:smartbear:collaborator:12.5.12500
-
cpe:2.3:a:smartbear:collaborator:12.5.12501
-
cpe:2.3:a:smartbear:collaborator:12.5.12502
-
cpe:2.3:a:smartbear:collaborator:12.5.12503
-
cpe:2.3:a:smartbear:collaborator:12.5.12504
-
cpe:2.3:a:smartbear:collaborator:13.0.13000
-
cpe:2.3:a:smartbear:collaborator:13.0.13001
-
cpe:2.3:a:smartbear:collaborator:13.0.13002
-
cpe:2.3:a:smartbear:collaborator:13.1.13100
-
cpe:2.3:a:smartbear:collaborator:13.2.13200
-
cpe:2.3:a:smartbear:collaborator:13.3.13000
-
cpe:2.3:a:smartbear:collaborator:13.3.13001
-
cpe:2.3:a:smartbear:collaborator:13.3.13002
-
cpe:2.3:a:smartbear:collaborator:13.3.13100
-
cpe:2.3:a:smartbear:collaborator:13.3.13200
-
cpe:2.3:a:smartbear:collaborator:13.3.13300
-
cpe:2.3:a:smartbear:collaborator:13.3.13301
-
cpe:2.3:a:smartbear:collaborator:13.3.13302
-
cpe:2.3:a:smartbear:collaborator:2.0.601
-
cpe:2.3:a:smartbear:collaborator:2.0.602
-
cpe:2.3:a:smartbear:collaborator:2.0.606
-
cpe:2.3:a:smartbear:collaborator:2.0.608
-
cpe:2.3:a:smartbear:collaborator:2.0.609
-
cpe:2.3:a:smartbear:collaborator:2.0.611
-
cpe:2.3:a:smartbear:collaborator:2.0.612
-
cpe:2.3:a:smartbear:collaborator:2.0.617
-
cpe:2.3:a:smartbear:collaborator:2.0.618
-
cpe:2.3:a:smartbear:collaborator:2.0.619
-
cpe:2.3:a:smartbear:collaborator:2.0.620
-
cpe:2.3:a:smartbear:collaborator:2.0.621
-
cpe:2.3:a:smartbear:collaborator:2.1.700
-
cpe:2.3:a:smartbear:collaborator:2.1.702
-
cpe:2.3:a:smartbear:collaborator:2.1.703
-
cpe:2.3:a:smartbear:collaborator:2.1.704
-
cpe:2.3:a:smartbear:collaborator:2.1.705
-
cpe:2.3:a:smartbear:collaborator:2.1.706
-
cpe:2.3:a:smartbear:collaborator:2.1.707
-
cpe:2.3:a:smartbear:collaborator:2.1.708
-
cpe:2.3:a:smartbear:collaborator:2.1.709
-
cpe:2.3:a:smartbear:collaborator:2.1.711
-
cpe:2.3:a:smartbear:collaborator:2.1.712
-
cpe:2.3:a:smartbear:collaborator:2.1.713
-
cpe:2.3:a:smartbear:collaborator:2.1.714
-
cpe:2.3:a:smartbear:collaborator:2.1.717
-
cpe:2.3:a:smartbear:collaborator:2.1.719
-
cpe:2.3:a:smartbear:collaborator:2.1.721
-
cpe:2.3:a:smartbear:collaborator:2.1.723
-
cpe:2.3:a:smartbear:collaborator:2.1.724
-
cpe:2.3:a:smartbear:collaborator:2.1.725
-
cpe:2.3:a:smartbear:collaborator:2.1.727
-
cpe:2.3:a:smartbear:collaborator:2.1.729
-
cpe:2.3:a:smartbear:collaborator:2.1.730
-
cpe:2.3:a:smartbear:collaborator:2.1.731
-
cpe:2.3:a:smartbear:collaborator:4.0.801
-
cpe:2.3:a:smartbear:collaborator:4.0.802
-
cpe:2.3:a:smartbear:collaborator:4.0.803
-
cpe:2.3:a:smartbear:collaborator:4.0.804
-
cpe:2.3:a:smartbear:collaborator:4.0.805
-
cpe:2.3:a:smartbear:collaborator:4.0.806
-
cpe:2.3:a:smartbear:collaborator:4.0.807
-
cpe:2.3:a:smartbear:collaborator:4.0.808
-
cpe:2.3:a:smartbear:collaborator:4.0.809
-
cpe:2.3:a:smartbear:collaborator:4.0.810
-
cpe:2.3:a:smartbear:collaborator:4.0.811
-
cpe:2.3:a:smartbear:collaborator:4.0.812
-
cpe:2.3:a:smartbear:collaborator:4.0.814
-
cpe:2.3:a:smartbear:collaborator:4.0.817
-
cpe:2.3:a:smartbear:collaborator:4.0.818
-
cpe:2.3:a:smartbear:collaborator:4.0.819
-
cpe:2.3:a:smartbear:collaborator:4.0.820
-
cpe:2.3:a:smartbear:collaborator:4.0.821
-
cpe:2.3:a:smartbear:collaborator:4.0.823
-
cpe:2.3:a:smartbear:collaborator:4.0.824
-
cpe:2.3:a:smartbear:collaborator:4.0.825
-
cpe:2.3:a:smartbear:collaborator:4.0.828
-
cpe:2.3:a:smartbear:collaborator:4.0.829
-
cpe:2.3:a:smartbear:collaborator:4.0.831
-
cpe:2.3:a:smartbear:collaborator:4.0.832
-
cpe:2.3:a:smartbear:collaborator:4.0.833
-
cpe:2.3:a:smartbear:collaborator:4.0.834
-
cpe:2.3:a:smartbear:collaborator:4.0.835
-
cpe:2.3:a:smartbear:collaborator:4.0.836
-
cpe:2.3:a:smartbear:collaborator:4.0.837
-
cpe:2.3:a:smartbear:collaborator:4.0.838
-
cpe:2.3:a:smartbear:collaborator:4.0.839
-
cpe:2.3:a:smartbear:collaborator:4.0.840
-
cpe:2.3:a:smartbear:collaborator:4.0.841
-
cpe:2.3:a:smartbear:collaborator:4.0.842
-
cpe:2.3:a:smartbear:collaborator:4.0.843
-
cpe:2.3:a:smartbear:collaborator:4.0.845
-
cpe:2.3:a:smartbear:collaborator:4.0.846
-
cpe:2.3:a:smartbear:collaborator:4.0.849
-
cpe:2.3:a:smartbear:collaborator:4.0.850
-
cpe:2.3:a:smartbear:collaborator:4.0.851
-
cpe:2.3:a:smartbear:collaborator:4.0.852
-
cpe:2.3:a:smartbear:collaborator:4.0.853
-
cpe:2.3:a:smartbear:collaborator:4.0.854
-
cpe:2.3:a:smartbear:collaborator:4.0.855
-
cpe:2.3:a:smartbear:collaborator:4.0.856
-
cpe:2.3:a:smartbear:collaborator:4.0.857
-
cpe:2.3:a:smartbear:collaborator:4.0.858
-
cpe:2.3:a:smartbear:collaborator:4.0.859
-
cpe:2.3:a:smartbear:collaborator:4.0.860
-
cpe:2.3:a:smartbear:collaborator:4.0.862
-
cpe:2.3:a:smartbear:collaborator:4.0.863
-
cpe:2.3:a:smartbear:collaborator:4.0.864
-
cpe:2.3:a:smartbear:collaborator:5.0.5002
-
cpe:2.3:a:smartbear:collaborator:5.0.5003
-
cpe:2.3:a:smartbear:collaborator:5.0.5004
-
cpe:2.3:a:smartbear:collaborator:5.0.5005
-
cpe:2.3:a:smartbear:collaborator:5.0.5007
-
cpe:2.3:a:smartbear:collaborator:5.0.5008
-
cpe:2.3:a:smartbear:collaborator:5.0.5009
-
cpe:2.3:a:smartbear:collaborator:5.0.5010
-
cpe:2.3:a:smartbear:collaborator:5.0.5011
-
cpe:2.3:a:smartbear:collaborator:5.0.5012
-
cpe:2.3:a:smartbear:collaborator:5.0.5013
-
cpe:2.3:a:smartbear:collaborator:5.0.5014
-
cpe:2.3:a:smartbear:collaborator:5.0.5015
-
cpe:2.3:a:smartbear:collaborator:5.0.5016
-
cpe:2.3:a:smartbear:collaborator:5.0.5017
-
cpe:2.3:a:smartbear:collaborator:5.0.5018
-
cpe:2.3:a:smartbear:collaborator:5.0.5019
-
cpe:2.3:a:smartbear:collaborator:5.0.5020
-
cpe:2.3:a:smartbear:collaborator:5.0.5021
-
cpe:2.3:a:smartbear:collaborator:5.0.5022
-
cpe:2.3:a:smartbear:collaborator:5.0.5023
-
cpe:2.3:a:smartbear:collaborator:5.0.5024
-
cpe:2.3:a:smartbear:collaborator:5.0.5025
-
cpe:2.3:a:smartbear:collaborator:5.0.5026
-
cpe:2.3:a:smartbear:collaborator:5.0.5027
-
cpe:2.3:a:smartbear:collaborator:5.0.5028
-
cpe:2.3:a:smartbear:collaborator:5.0.5029
-
cpe:2.3:a:smartbear:collaborator:5.0.5030
-
cpe:2.3:a:smartbear:collaborator:5.0.5031
-
cpe:2.3:a:smartbear:collaborator:5.0.5032
-
cpe:2.3:a:smartbear:collaborator:5.0.5033
-
cpe:2.3:a:smartbear:collaborator:5.0.5034
-
cpe:2.3:a:smartbear:collaborator:5.0.5035
-
cpe:2.3:a:smartbear:collaborator:5.0.5036
-
cpe:2.3:a:smartbear:collaborator:5.0.5037
-
cpe:2.3:a:smartbear:collaborator:5.0.5039
-
cpe:2.3:a:smartbear:collaborator:5.0.5040
-
cpe:2.3:a:smartbear:collaborator:5.0.5041
-
cpe:2.3:a:smartbear:collaborator:6.0.6001
-
cpe:2.3:a:smartbear:collaborator:6.0.6005
-
cpe:2.3:a:smartbear:collaborator:6.0.6006
-
cpe:2.3:a:smartbear:collaborator:6.0.6008
-
cpe:2.3:a:smartbear:collaborator:6.0.6009
-
cpe:2.3:a:smartbear:collaborator:6.0.6011
-
cpe:2.3:a:smartbear:collaborator:6.0.6012
-
cpe:2.3:a:smartbear:collaborator:6.0.6013
-
cpe:2.3:a:smartbear:collaborator:6.0.6016
-
cpe:2.3:a:smartbear:collaborator:6.0.6017
-
cpe:2.3:a:smartbear:collaborator:6.0.6018
-
cpe:2.3:a:smartbear:collaborator:6.1.6101
-
cpe:2.3:a:smartbear:collaborator:6.1.6102
-
cpe:2.3:a:smartbear:collaborator:6.1.6103
-
cpe:2.3:a:smartbear:collaborator:6.1.6104
-
cpe:2.3:a:smartbear:collaborator:6.5.6500
-
cpe:2.3:a:smartbear:collaborator:6.5.6501
-
cpe:2.3:a:smartbear:collaborator:6.5.6502
-
cpe:2.3:a:smartbear:collaborator:6.5.6503
-
cpe:2.3:a:smartbear:collaborator:6.5.6505
-
cpe:2.3:a:smartbear:collaborator:6.5.6507
-
cpe:2.3:a:smartbear:collaborator:6.5.6508
-
cpe:2.3:a:smartbear:collaborator:6.5.6510
-
cpe:2.3:a:smartbear:collaborator:7.0.7022
-
cpe:2.3:a:smartbear:collaborator:7.0.7024
-
cpe:2.3:a:smartbear:collaborator:7.0.7027
-
cpe:2.3:a:smartbear:collaborator:7.1.7110
-
cpe:2.3:a:smartbear:collaborator:7.1.7111
-
cpe:2.3:a:smartbear:collaborator:7.2.7208
-
cpe:2.3:a:smartbear:collaborator:7.2.7218
-
cpe:2.3:a:smartbear:collaborator:7.2.7237
-
cpe:2.3:a:smartbear:collaborator:7.3.7301
-
cpe:2.3:a:smartbear:collaborator:7.3.7302
-
cpe:2.3:a:smartbear:collaborator:7.3.7303
-
cpe:2.3:a:smartbear:collaborator:7.3.7304
-
cpe:2.3:a:smartbear:collaborator:8.0.8001
-
cpe:2.3:a:smartbear:collaborator:8.0.8003
-
cpe:2.3:a:smartbear:collaborator:8.1.8100
-
cpe:2.3:a:smartbear:collaborator:8.2.8200
-
cpe:2.3:a:smartbear:collaborator:8.2.8202
-
cpe:2.3:a:smartbear:collaborator:8.3.8301
-
cpe:2.3:a:smartbear:collaborator:8.4.8401
-
cpe:2.3:a:smartbear:collaborator:8.4.8402
-
cpe:2.3:a:smartbear:collaborator:8.4.8403
-
cpe:2.3:a:smartbear:collaborator:8.4.8404
-
cpe:2.3:a:smartbear:collaborator:8.4.8405
-
cpe:2.3:a:smartbear:collaborator:8.4.8406
-
cpe:2.3:a:smartbear:collaborator:8.5.8500
-
cpe:2.3:a:smartbear:collaborator:8.5.8501
-
cpe:2.3:a:smartbear:collaborator:8.5.8502
-
cpe:2.3:a:smartbear:collaborator:9.0.9000
-
cpe:2.3:a:smartbear:collaborator:9.0.9001
-
cpe:2.3:a:smartbear:collaborator:9.1.9100
-
cpe:2.3:a:smartbear:collaborator:9.1.9101
-
cpe:2.3:a:smartbear:collaborator:9.2.9200
-
cpe:2.3:a:smartbear:collaborator:9.3.9300
-
cpe:2.3:a:smartbear:collaborator:9.4.9400
-
cpe:2.3:a:smartbear:collaborator:9.4.9401
-
cpe:2.3:a:smartbear:collaborator:9.5.9500
-
cpe:2.3:a:smartbear:collaborator:9.5.9501
-
cpe:2.3:a:smartbear:collaborator:9.5.9502