Vulnerability-Lookup

CNVD-2020-28983

Vulnerability from cnvd - Published: 2020-05-20

Title

Veritas Technologies APTARE未授权访问漏洞

Description

Veritas Technologies APTARE是美国Veritas Technologies公司的一套备份、存储和虚拟基础架构的预测分析软件。该软件支持存储管理和数据中心优化等功能。 Veritas Technologies APTARE 10.4之前版本中存在安全漏洞，该漏洞源于程序没有进行适当的授权检查。攻击者可利用该漏洞借助特制参数未授权访问敏感信息或功能。

Severity

中

Patch Name

Veritas Technologies APTARE未授权访问漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.veritas.com/content/support/en_US/security/VTS20-003

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-12875

Impacted products

Name
Veritas Technologies APTARE <10.4

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-12875"
    }
  },
  "description": "Veritas Technologies APTARE\u662f\u7f8e\u56fdVeritas Technologies\u516c\u53f8\u7684\u4e00\u5957\u5907\u4efd\u3001\u5b58\u50a8\u548c\u865a\u62df\u57fa\u7840\u67b6\u6784\u7684\u9884\u6d4b\u5206\u6790\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u652f\u6301\u5b58\u50a8\u7ba1\u7406\u548c\u6570\u636e\u4e2d\u5fc3\u4f18\u5316\u7b49\u529f\u80fd\u3002\n\nVeritas Technologies APTARE 10.4\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u6ca1\u6709\u8fdb\u884c\u9002\u5f53\u7684\u6388\u6743\u68c0\u67e5\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u501f\u52a9\u7279\u5236\u53c2\u6570\u672a\u6388\u6743\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u6216\u529f\u80fd\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.veritas.com/content/support/en_US/security/VTS20-003",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-28983",
  "openTime": "2020-05-20",
  "patchDescription": "Veritas Technologies APTARE\u662f\u7f8e\u56fdVeritas Technologies\u516c\u53f8\u7684\u4e00\u5957\u5907\u4efd\u3001\u5b58\u50a8\u548c\u865a\u62df\u57fa\u7840\u67b6\u6784\u7684\u9884\u6d4b\u5206\u6790\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u652f\u6301\u5b58\u50a8\u7ba1\u7406\u548c\u6570\u636e\u4e2d\u5fc3\u4f18\u5316\u7b49\u529f\u80fd\u3002\r\n\r\nVeritas Technologies APTARE 10.4\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u6ca1\u6709\u8fdb\u884c\u9002\u5f53\u7684\u6388\u6743\u68c0\u67e5\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u501f\u52a9\u7279\u5236\u53c2\u6570\u672a\u6388\u6743\u8bbf\u95ee\u654f\u611f\u4fe1\u606f\u6216\u529f\u80fd\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Veritas Technologies APTARE\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Veritas Technologies APTARE \u003c10.4"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-12875",
  "serverity": "\u4e2d",
  "submitTime": "2020-05-15",
  "title": "Veritas Technologies APTARE\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e"
}

CVE-2020-12875 (GCVE-0-2020-12875)

Vulnerability from cvelistv5 – Published: 2020-05-14 19:07 – Updated: 2024-08-04 12:11

Summary

Veritas APTARE versions prior to 10.4 did not perform adequate authorization checks. An authenticated user could gain unauthorized access to sensitive information or functionality by manipulating specific parameters within the application.

Severity

6.3 (Medium)


                        
                          CVSS:3.0/AC:L/AV:N/A:L/C:L/I:L/PR:L/S:U/UI:N

CWE

Assigner

mitre

References

1 reference

URL	Tags
https://www.veritas.com/content/support/en_US/sec…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:11:19.021Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.veritas.com/content/support/en_US/security/VTS20-003"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Veritas APTARE versions prior to 10.4 did not perform adequate authorization checks. An authenticated user could gain unauthorized access to sensitive information or functionality by manipulating specific parameters within the application."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AC:L/AV:N/A:L/C:L/I:L/PR:L/S:U/UI:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-05-14T19:07:05.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.veritas.com/content/support/en_US/security/VTS20-003"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-12875",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Veritas APTARE versions prior to 10.4 did not perform adequate authorization checks. An authenticated user could gain unauthorized access to sensitive information or functionality by manipulating specific parameters within the application."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AC:L/AV:N/A:L/C:L/I:L/PR:L/S:U/UI:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.veritas.com/content/support/en_US/security/VTS20-003",
              "refsource": "MISC",
              "url": "https://www.veritas.com/content/support/en_US/security/VTS20-003"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-12875",
    "datePublished": "2020-05-14T19:07:05.000Z",
    "dateReserved": "2020-05-14T00:00:00.000Z",
    "dateUpdated": "2024-08-04T12:11:19.021Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-28983

CVE-2020-12875 (GCVE-0-2020-12875)

Tags

Sightings

Nomenclature