CyberSec.Space Logo
CVEブラウザに戻る

CVE-2020-9407

MEDIUM
5.3
CVSS Severity Score
EPSS Score0.1130%
EPSS Percentile43.28th
Published2020年2月26日
Last Modified2024年11月21日

Vulnerability Description

IBL Online Weather before 4.3.5a allows attackers to obtain sensitive information by reading the IWEBSERVICE_JSONRPC_COOKIE cookie.

Affected Platforms (CPE)

📦
Iblsoft

Online Weather

< 4.3.5

References & Advisories

🔗 https://github.com/dawid-czarnecki/public-vulnerabilities/tree/master/Online_Weather
🔗 https://zigrin.com/advisories/online-weather-information-disclosure-in-cookie/
🔗 https://github.com/dawid-czarnecki/public-vulnerabilities/tree/master/Online_Weather
🔗 https://zigrin.com/advisories/online-weather-information-disclosure-in-cookie/

関連する脆弱性情報

CVE-2020-94069.8

IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service.

CVE-2020-94056.1

IBL Online Weather before 4.3.5a allows unauthenticated reflected XSS via the redirect page.

CVE-2020-1207910.0

Beaker before 0.8.9 allows a sandbox escape, enabling system access and code execution. This occurs because Electron context isola...

CVE-2020-1184410.0

Incorrect Authorization vulnerability in Micro Focus Container Deployment Foundation component affects products: - Hybrid Cloud Ma...