CVE-2020-26868
12.10.2020, 14:15
ARC Informatique PcVue prior to version 12.0.17 is vulnerable to a denial-of-service attack due to the ability of an unauthorized user to modify information used to validate messages sent by legitimate web clients. This issue also affects third-party systems based on the Web Services Toolkit.Enginsight
Vendor | Product | Version |
---|---|---|
pcvuesolutions | pcvue | 8.10 ≤ 𝑥 < 12.0.17 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-767 - Access to Critical Private Variable via Public MethodThe software defines a public method that reads or modifies a private variable.
- CWE-668 - Exposure of Resource to Wrong SphereThe product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
References