Incorrect Access Control in Oracle iPlanet Web Server Administration Console
CVE-2020-9315
7.5HIGH
Summary
The Oracle iPlanet Web Server 7.0.x contains an access control vulnerability in the Administration console. This flaw allows unauthorized users to access sensitive URIs, including the encryption keys. As a result, attackers may exploit this flaw to gain unauthorized read access, potentially compromising the security of applications relying on the web server. It is important for users to review their configurations and ensure that sensitive areas of the Administration console are adequately secured.
References
EPSS Score
87% chance of being exploited in the next 30 days.
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved