CyberSec.Space Logo
Back to CVE Browser

CVE-2020-36917

HIGH
7.5
CVSS Severity Score
EPSS Score0.0990%
EPSS Percentile43.65th
PublishedJan 6, 2026
Last ModifiedApr 15, 2026

Vulnerability Description

iDS6 DSSPro Digital Signage System 6.2 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept authentication credentials through cleartext cookie transmission. Attackers can exploit the autoSave feature to capture user passwords during man-in-the-middle attacks on HTTP communications.

Affected Platforms (CPE)

No CPE configurations currently published for this record.

References & Advisories

πŸ”— https://cxsecurity.com/issue/WLB-2020110023
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/191261
πŸ”— https://packetstormsecurity.com/files/159915
πŸ”— https://web.archive.org/web/20200919100215/http://www.yerootech.com/
πŸ”— https://www.vulncheck.com/advisories/ids-dsspro-digital-signage-system-cleartext-password-disclosure-via-cookie
πŸ”— https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5605.php

Related Vulnerabilities

CVE-2020-696110.0

In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Ve...

CVE-2020-696210.0

In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Ve...

CVE-2020-696610.0

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Ver...

CVE-2020-696310.0

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Ver...