Vulnerability Details CVE-2020-35775
CITSmart before 9.1.2.23 allows LDAP Injection.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.237
EPSS Ranking 95.8%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://packetstormsecurity.com/files/162181/CITSmart-ITSM-9.1.2.22-LDAP-Injection.html
- https://citsmart.com.br/solucoes/itsm-2/
- https://docs.citsmart.com/pt-br/citsmart-platform-9/get-started/about-citsmart/release-notes.html
- https://github.com/nardnet/citsmart/blob/master/WEB-INF/src/br/com/centralit/citcorpore/integracao/ad/LDAPUtils.java
- https://rdstation-static.s3.amazonaws.com/cms/files/86153/1597862259Ebook-Whatsnew-CITSmart.pdf
- http://packetstormsecurity.com/files/162181/CITSmart-ITSM-9.1.2.22-LDAP-Injection.html
- https://citsmart.com.br/solucoes/itsm-2/
- https://docs.citsmart.com/pt-br/citsmart-platform-9/get-started/about-citsmart/release-notes.html
- https://github.com/nardnet/citsmart/blob/master/WEB-INF/src/br/com/centralit/citcorpore/integracao/ad/LDAPUtils.java
- https://rdstation-static.s3.amazonaws.com/cms/files/86153/1597862259Ebook-Whatsnew-CITSmart.pdf
Products affected by CVE-2020-35775
-
cpe:2.3:a:citsmart:citsmart:9.0
-
cpe:2.3:a:citsmart:citsmart:9.1
-
cpe:2.3:a:citsmart:citsmart:9.1.2.13
-
cpe:2.3:a:citsmart:citsmart:9.1.2.22