CVE-2020-28054 (GCVE-0-2020-28054)

Vulnerability from cvelistv5 – Published: 2020-11-19 15:15 – Updated: 2024-08-04 16:33
Summary
JamoDat TSMManager Collector versions up to 6.5.0.21 are vulnerable to an Authorization Bypass because the Collector component does not properly validate an authenticated session with the Viewer. If the Viewer has been modified (binary patched) and the Bypass Login functionality is being used, an attacker can request every Collector function as if they were a properly logged-in user: administering connected instances, reviewing logs, editing configurations, accessing the instances' consoles, accessing hardware configurations, etc. Exploiting this vulnerability does not grant an attacker access to or control of remote ISP servers, as no credentials are sent with the request.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
  • mitre (cve@mitre.org)
References
  • https://voidsec.com (x_refsource_MISC)
  • https://tsmmanager.com (x_refsource_MISC)
  • https://voidsec.com/tivoli-madness/ (x_refsource_MISC)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:33:56.916Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://voidsec.com"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://tsmmanager.com"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://voidsec.com/tivoli-madness/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "JamoDat TSMManager Collector version up to 6.5.0.21 is vulnerable to an Authorization Bypass because the Collector component is not properly validating an authenticated session with the Viewer. If the Viewer has been modified (binary patched) and the Bypass Login functionality is being used, an attacker can request every Collector\u0027s functionality as if they were a properly logged-in user: administrating connected instances, reviewing logs, editing configurations, accessing the instances\u0027 consoles, accessing hardware configurations, etc.Exploiting this vulnerability won\u0027t grant an attacker access nor control on remote ISP servers as no credentials is sent with the request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-11-19T15:15:55.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://voidsec.com"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://tsmmanager.com"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://voidsec.com/tivoli-madness/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-28054",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "JamoDat TSMManager Collector version up to 6.5.0.21 is vulnerable to an Authorization Bypass because the Collector component is not properly validating an authenticated session with the Viewer. If the Viewer has been modified (binary patched) and the Bypass Login functionality is being used, an attacker can request every Collector\u0027s functionality as if they were a properly logged-in user: administrating connected instances, reviewing logs, editing configurations, accessing the instances\u0027 consoles, accessing hardware configurations, etc.Exploiting this vulnerability won\u0027t grant an attacker access nor control on remote ISP servers as no credentials is sent with the request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://voidsec.com",
              "refsource": "MISC",
              "url": "https://voidsec.com"
            },
            {
              "name": "https://tsmmanager.com",
              "refsource": "MISC",
              "url": "https://tsmmanager.com"
            },
            {
              "name": "https://voidsec.com/tivoli-madness/",
              "refsource": "MISC",
              "url": "https://voidsec.com/tivoli-madness/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-28054",
    "datePublished": "2020-11-19T15:15:55.000Z",
    "dateReserved": "2020-11-02T00:00:00.000Z",
    "dateUpdated": "2024-08-04T16:33:56.916Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2020-28054",
      "date": "2026-05-03",
      "epss": "0.01163",
      "percentile": "0.78707"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-28054\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-11-19T16:15:10.907\",\"lastModified\":\"2024-11-21T05:22:17.583\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"JamoDat TSMManager Collector version up to 6.5.0.21 is vulnerable to an Authorization Bypass because the Collector component is not properly validating an authenticated session with the Viewer. If the Viewer has been modified (binary patched) and the Bypass Login functionality is being used, an attacker can request every Collector\u0027s functionality as if they were a properly logged-in user: administrating connected instances, reviewing logs, editing configurations, accessing the instances\u0027 consoles, accessing hardware configurations, etc.Exploiting this vulnerability won\u0027t grant an attacker access nor control on remote ISP servers as no credentials is sent with the request.\"},{\"lang\":\"es\",\"value\":\"JamoDat TSMManager Collector versiones hasta 6.5.0.21, es vulnerable a una Omisi\u00f3n de Autorizaci\u00f3n porque el componente Collector no est\u00e1 comprobando apropiadamente una sesi\u00f3n autenticada con el Viewer.\u0026#xa0;Si el Viewer ha sido modificado (parcheado binario) y est\u00e1 siendo usada la funcionalidad Bypass Login, un atacante puede pedir la funcionalidad de cada recopilador como si fuera un usuario que inici\u00f3 sesi\u00f3n apropiadamente: administrando instancias conectadas, revisando registros, editando configuraciones, accediendo a las instancias de unas consolas, accediendo a configuraciones de hardware, etc. La explotaci\u00f3n de esta vulnerabilidad no garantiza a un atacante acceso ni control en los servidores de ISP remotos, ya que las credenciales no son enviadas con la petici\u00f3n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tsmmanager:tsmmanager:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.5.0.21\",\"matchCriteriaId\":\"C49F1BFE-942F-481B-965B-5177F9131C28\"}]}]}],\"references\":[{\"url\":\"https://tsmmanager.com\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\"]},{\"url\":\"https://voidsec.com\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://voidsec.com/tivoli-madness/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://tsmmanager.com\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]},{\"url\":\"https://voidsec.com\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://voidsec.com/tivoli-madness/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

