#VU27698 Improper access control in Sun ONE/iPlanet Web Server - CVE-2020-9315
Published: May 12, 2020
Vulnerability identifier: #VU27698
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2020-9315
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Sun ONE/iPlanet Web Server
Sun ONE/iPlanet Web Server
Software vendor:
Sun
Sun
Description
The vulnerability allows a remote attacker to gain unauthorized access to sensitive information.
The vulnerability exists due to improper access restrictions within admingui/version URIs in the Administration console. A remote attacker can send a specially crafted request and read the encryption keys
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Note, this product is no longer supported by the vendor.