Vulnerability Details CVE-2020-8427
In Unitrends Backup before 10.4.1, an HTTP request parameter was not properly sanitized, allowing for SQL injection that resulted in an authentication bypass.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 56.8%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2020-8427
-
cpe:2.3:a:unitrends:backup:1.7.1h
-
cpe:2.3:a:unitrends:backup:10.0
-
cpe:2.3:a:unitrends:backup:10.1
-
cpe:2.3:a:unitrends:backup:10.1.1
-
cpe:2.3:a:unitrends:backup:10.2
-
cpe:2.3:a:unitrends:backup:10.2.1
-
cpe:2.3:a:unitrends:backup:10.3.1
-
cpe:2.3:a:unitrends:backup:10.3.10
-
cpe:2.3:a:unitrends:backup:10.3.11
-
cpe:2.3:a:unitrends:backup:10.3.2
-
cpe:2.3:a:unitrends:backup:10.3.3
-
cpe:2.3:a:unitrends:backup:10.3.4
-
cpe:2.3:a:unitrends:backup:10.3.5
-
cpe:2.3:a:unitrends:backup:10.3.6
-
cpe:2.3:a:unitrends:backup:10.3.7
-
cpe:2.3:a:unitrends:backup:10.3.8
-
cpe:2.3:a:unitrends:backup:10.3.9
-
cpe:2.3:a:unitrends:backup:10.4.0
-
cpe:2.3:a:unitrends:backup:2.1.0
-
cpe:2.3:a:unitrends:backup:4.2.2
-
cpe:2.3:a:unitrends:backup:6.0.0
-
cpe:2.3:a:unitrends:backup:6.3.0
-
cpe:2.3:a:unitrends:backup:7.4.0
-
cpe:2.3:a:unitrends:backup:9.0.0
-
cpe:2.3:a:unitrends:backup:9.1
-
cpe:2.3:a:unitrends:backup:9.2.0