CyberSec.Space Logo
CVEブラウザに戻る

CVE-2020-36917

HIGH
7.5
CVSS Severity Score
EPSS Score0.0990%
EPSS Percentile43.65th
Published2026年1月6日
Last Modified2026年4月15日

Vulnerability Description

iDS6 DSSPro Digital Signage System 6.2 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept authentication credentials through cleartext cookie transmission. Attackers can exploit the autoSave feature to capture user passwords during man-in-the-middle attacks on HTTP communications.

Affected Platforms (CPE)

No CPE configurations currently published for this record.

References & Advisories

🔗 https://cxsecurity.com/issue/WLB-2020110023
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/191261
🔗 https://packetstormsecurity.com/files/159915
🔗 https://web.archive.org/web/20200919100215/http://www.yerootech.com/
🔗 https://www.vulncheck.com/advisories/ids-dsspro-digital-signage-system-cleartext-password-disclosure-via-cookie
🔗 https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5605.php

関連する脆弱性情報

CVE-2020-696110.0

In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Ve...

CVE-2020-696210.0

In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Ve...

CVE-2020-696610.0

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Ver...

CVE-2020-696310.0

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Ver...