Programi Bilanc Build 007 Release 014 31.01.2020 supplies a .exe file containing several hardcoded credentials to different servers that allow remote attackers to gain access to the complete infrastructure including the website, update server, and external issue tracking tools.
References
Link | Resource |
---|---|
http://seclists.org/fulldisclosure/2020/Dec/38 | Mailing List Third Party Advisory |
https://packetstormsecurity.com/files/160626/Programi-Bilanc-Build-007-Release-014-31.01.2020-Hardcoded-Credentials.html | Third Party Advisory VDB Entry |
Configurations
Information
Published : 2020-12-21 14:15
Updated : 2020-12-22 10:19
NVD link : CVE-2020-8995
Mitre link : CVE-2020-8995
JSON object : View
CWE
CWE-798
Use of Hard-coded Credentials
Products Affected
bilanc
- bilanc