Vulnerability Details CVE-2020-8995
Programi Bilanc Build 007 Release 014 31.01.2020 supplies a .exe file containing several hardcoded credentials to different servers that allow remote attackers to gain access to the complete infrastructure including the website, update server, and external issue tracking tools.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 77.3%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 5.0
References
- http://seclists.org/fulldisclosure/2020/Dec/38
- https://packetstormsecurity.com/files/160626/Programi-Bilanc-Build-007-Release-014-31.01.2020-Hardcoded-Credentials.html
- http://seclists.org/fulldisclosure/2020/Dec/38
- https://packetstormsecurity.com/files/160626/Programi-Bilanc-Build-007-Release-014-31.01.2020-Hardcoded-Credentials.html