Vulnerability Details CVE-2020-35205
Server Side Request Forgery (SSRF) in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to scan internal ports and make outbound connections via the initFile.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 58.5%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://clandestinelabs.io/security-advisories/advisory-multiple-vulnerabilities-in-quest-policy-authority-for-unified-communications
- https://un4gi.io/blog/multiple-vulnerabilities-in-quest-policy-authority-for-unified-communications
- https://clandestinelabs.io/security-advisories/advisory-multiple-vulnerabilities-in-quest-policy-authority-for-unified-communications
- https://un4gi.io/blog/multiple-vulnerabilities-in-quest-policy-authority-for-unified-communications
Products affected by CVE-2020-35205
-
cpe:2.3:a:quest:policy_authority_for_unified_communications:8.1.2.200