CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-27687

ThingsBoard before v3.2 is vulnerable to Host header injection in password-reset emails. This allows an attacker to send malicious links in password-reset emails to victims, pointing to an attacker-controlled server. Lack of validation of the Host header allows this to happen.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 61.0%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.8

References

Products affected by CVE-2020-27687

Thingsboard » Thingsboard » Version: 1.0

cpe:2.3:a:thingsboard:thingsboard:1.0
Thingsboard » Thingsboard » Version: 1.0.1

cpe:2.3:a:thingsboard:thingsboard:1.0.1
Thingsboard » Thingsboard » Version: 1.0.2

cpe:2.3:a:thingsboard:thingsboard:1.0.2
Thingsboard » Thingsboard » Version: 1.0.3

cpe:2.3:a:thingsboard:thingsboard:1.0.3
Thingsboard » Thingsboard » Version: 1.1

cpe:2.3:a:thingsboard:thingsboard:1.1
Thingsboard » Thingsboard » Version: 1.2

cpe:2.3:a:thingsboard:thingsboard:1.2
Thingsboard » Thingsboard » Version: 1.2.1

cpe:2.3:a:thingsboard:thingsboard:1.2.1
Thingsboard » Thingsboard » Version: 1.2.2

cpe:2.3:a:thingsboard:thingsboard:1.2.2
Thingsboard » Thingsboard » Version: 1.2.3

cpe:2.3:a:thingsboard:thingsboard:1.2.3
Thingsboard » Thingsboard » Version: 1.3

cpe:2.3:a:thingsboard:thingsboard:1.3
Thingsboard » Thingsboard » Version: 1.3.1

cpe:2.3:a:thingsboard:thingsboard:1.3.1
Thingsboard » Thingsboard » Version: 1.4

cpe:2.3:a:thingsboard:thingsboard:1.4
Thingsboard » Thingsboard » Version: 2.0

cpe:2.3:a:thingsboard:thingsboard:2.0
Thingsboard » Thingsboard » Version: 2.0.1

cpe:2.3:a:thingsboard:thingsboard:2.0.1
Thingsboard » Thingsboard » Version: 2.0.2

cpe:2.3:a:thingsboard:thingsboard:2.0.2
Thingsboard » Thingsboard » Version: 2.0.3

cpe:2.3:a:thingsboard:thingsboard:2.0.3
Thingsboard » Thingsboard » Version: 2.1

cpe:2.3:a:thingsboard:thingsboard:2.1
Thingsboard » Thingsboard » Version: 2.1.1

cpe:2.3:a:thingsboard:thingsboard:2.1.1
Thingsboard » Thingsboard » Version: 2.1.2

cpe:2.3:a:thingsboard:thingsboard:2.1.2
Thingsboard » Thingsboard » Version: 2.1.3

cpe:2.3:a:thingsboard:thingsboard:2.1.3
Thingsboard » Thingsboard » Version: 2.2

cpe:2.3:a:thingsboard:thingsboard:2.2
Thingsboard » Thingsboard » Version: 2.3

cpe:2.3:a:thingsboard:thingsboard:2.3
Thingsboard » Thingsboard » Version: 2.3.1

cpe:2.3:a:thingsboard:thingsboard:2.3.1
Thingsboard » Thingsboard » Version: 2.4

cpe:2.3:a:thingsboard:thingsboard:2.4
Thingsboard » Thingsboard » Version: 2.4.1

cpe:2.3:a:thingsboard:thingsboard:2.4.1
Thingsboard » Thingsboard » Version: 2.4.2

cpe:2.3:a:thingsboard:thingsboard:2.4.2
Thingsboard » Thingsboard » Version: 2.4.2.1

cpe:2.3:a:thingsboard:thingsboard:2.4.2.1
Thingsboard » Thingsboard » Version: 2.4.3

cpe:2.3:a:thingsboard:thingsboard:2.4.3
Thingsboard » Thingsboard » Version: 2.5

cpe:2.3:a:thingsboard:thingsboard:2.5
Thingsboard » Thingsboard » Version: 2.5.1

cpe:2.3:a:thingsboard:thingsboard:2.5.1
Thingsboard » Thingsboard » Version: 2.5.2

cpe:2.3:a:thingsboard:thingsboard:2.5.2
Thingsboard » Thingsboard » Version: 2.5.3

cpe:2.3:a:thingsboard:thingsboard:2.5.3
Thingsboard » Thingsboard » Version: 2.5.4

cpe:2.3:a:thingsboard:thingsboard:2.5.4
Thingsboard » Thingsboard » Version: 2.5.5

cpe:2.3:a:thingsboard:thingsboard:2.5.5
Thingsboard » Thingsboard » Version: 3.0

cpe:2.3:a:thingsboard:thingsboard:3.0
Thingsboard » Thingsboard » Version: 3.0.1

cpe:2.3:a:thingsboard:thingsboard:3.0.1
Thingsboard » Thingsboard » Version: 3.1

cpe:2.3:a:thingsboard:thingsboard:3.1
Thingsboard » Thingsboard » Version: 3.1.1

cpe:2.3:a:thingsboard:thingsboard:3.1.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-27687

Products

Pricing

Contact Us