CVE-2020-25846

HIGH WAF: Medium

CVSS 7.4 Published: 2020-12-31

CWE-601

The digest generation function of NHIServiSignAdapter has not been verified for source file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user's credential.

WAF Coverage Analysis

Open Redirect Medium WAF Coverage

OWASP: A01:2021 Broken Access Control

941xxx - XSS / XXE

Affected Software

Vendor	Product	Version
panorama_project	nhiservisignadapter	1.0.20.0218

References

www.twcert.org.tw (Third Party Advisory)

Back to CVE Database