CyberSec.Space Logo
Back to CVE Browser

CVE-2020-15851

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1920%
EPSS Percentile18.72th
PublishedSep 24, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

Lack of access control in Nakivo Backup & Replication Transporter version 9.4.0.r43656 allows remote users to access unencrypted backup repositories and the Nakivo Controller configuration via a network accessible transporter service. It is also possible to create or delete backup repositories.

Affected Platforms (CPE)

πŸ“¦
Nakivo

Backup \& Replication Transporter

= 9.4.0.r43656

References & Advisories

πŸ”— https://helpcenter.nakivo.com/display/RN/v10.3+Release+Notes
πŸ”— https://labs.f-secure.com/advisories/nakivo-backup-and-replication-multiple-vulnerabilities
πŸ”— https://helpcenter.nakivo.com/display/RN/v10.3+Release+Notes
πŸ”— https://labs.f-secure.com/advisories/nakivo-backup-and-replication-multiple-vulnerabilities

Related Vulnerabilities

CVE-2020-1518810.0

SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). The allows remote attackers to execute a...

CVE-2020-2521310.0

The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP cod...

CVE-2020-188910.0

A security feature bypass issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed for sandbox escape in Electron ...

CVE-2020-696110.0

In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Ve...