CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-26155

Multiple files and folders in Utimaco SecurityServer 4.20.0.4 and 4.31.1.0. are installed with Read/Write permissions for authenticated users, which allows for binaries to be manipulated by non-administrator users. Additionally, entries are made to the PATH environment variable which, in conjunction with these weak permissions, could enable an attacker to perform a DLL hijacking attack.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 11.9%

CVSS Severity

CVSS v3 Score 7.8

CVSS v2 Score 4.4

References

Products affected by CVE-2020-26155

Microsoft » Windows » Version: N/A

cpe:2.3:o:microsoft:windows:-
Utimaco » Block-Safe Firmware » Version: 2.0.0

cpe:2.3:o:utimaco:block-safe_firmware:2.0.0
Utimaco » Block-Safe Firmware » Version: 3.0.0

cpe:2.3:o:utimaco:block-safe_firmware:3.0.0
Utimaco » Cryptoserver Cp5 Firmware » Version: 5.0.0.0

cpe:2.3:o:utimaco:cryptoserver_cp5_firmware:5.0.0.0
Utimaco » Cryptoserver Cp5 Firmware » Version: 5.1.0.0

cpe:2.3:o:utimaco:cryptoserver_cp5_firmware:5.1.0.0
Utimaco » Cryptoserver Cp5 Vs-Nfd Firmware » Version: 5.1.0.0

cpe:2.3:o:utimaco:cryptoserver_cp5_vs-nfd_firmware:5.1.0.0
Utimaco » Paymentserver Firmware » Version: Any

cpe:2.3:o:utimaco:paymentserver_firmware:*
Utimaco » Paymentserver Hybrid Firmware » Version: Any

cpe:2.3:o:utimaco:paymentserver_hybrid_firmware:*
Utimaco » Securityserver Firmware » Version: Any

cpe:2.3:o:utimaco:securityserver_firmware:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-26155

Products

Pricing

Contact Us