Incorrect default permissions in Dream Report - CVE-2020-13532

 

Incorrect default permissions in Dream Report - CVE-2020-13532

Published: April 9, 2021


Vulnerability identifier: #VU52012
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2020-13532
CWE-ID: CWE-276
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Ocean Data Systems
Affected software:
Dream Report

Detailed vulnerability description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to incorrect default permissions for files and folders that are set by the application in the "Syncfusion Dashboard Service". A remote attacker can use a specially crafted file and gain elevated privileges on the target system.


How to mitigate CVE-2020-13532

Install updates from vendor's website.

Sources