Una vulnerabilidad clasificada como problemática fue encontrada en SecureAuth IdP 9.3.0. Una función desconocida del archivo SecureAuth.aspx del componente Template Handler es afectada por esta vulnerabilidad. No hay información respecto a posibles contramedidas. Se sugiere sustituir el producto con un equivalente.
| Campo | 2020-06-26 14:07 | 2020-06-26 14:12 |
|---|---|---|
| name | SecureAuth IdP | SecureAuth IdP |
| version | 9.3.0 | 9.3.0 |
| component | Template Handler | Template Handler |
| file | SecureAuth.aspx | SecureAuth.aspx |
| risk | 1 | 1 |
| cvss2 | 3.5 | 3.5 |
| cvss2 | 3.5 | 3.5 |
| cvss2 | N | N |
| cvss2 | M | M |
| cvss2 | S | S |
| cvss2 | N | N |
| cvss2 | P | P |
| cvss2 | N | N |
| cvss3 | 3.6 | 3.6 |
| cvss3 | 3.6 | 3.6 |
| cvss3 | 2.4 | 2.4 |
| cvss3 | 2.4 | 2.4 |
| cvss3 | N | N |
| cvss3 | L | L |
| cvss3 | H | H |
| cvss3 | R | R |
| cvss3 | U | U |
| cvss3 | N | N |
| cvss3 | L | L |
| cvss3 | N | N |
| date | 1593043200 (2020-06-25) | 1593043200 (2020-06-25) |
| price | $0-$5k | $0-$5k |
| cve | CVE-2020-9437 | CVE-2020-9437 |
| cvss2 | ND | ND |
| cvss2 | ND | ND |
| cvss2 | ND | ND |
| cvss3 | X | X |
| cvss3 | X | X |
| cvss3 | X | X |
| cvss3 | 4.8 | 4.8 |
| cwe | 0 | 79 (cross site scripting) |
| cvss2 | N | |
| cvss2 | M | |
| cvss2 | S | |
| cvss2 | N | |
| cvss2 | P | |
| cvss2 | N | |
| cvss3 | N | |
| cvss3 | L | |
| cvss3 | H | |
| cvss3 | R | |
| cvss3 | C | |
| cvss3 | L | |
| cvss3 | L | |
| cvss3 | N | |
| cve | 1582761600 | |
| cve | SecureAuth.aspx in SecureAuth IdP 9.3.0 suffers from a client-side template injection that allows for script execution, in the same manner as XSS. |
Want to stay up to date on a daily basis?
Enable the mail alert feature now!