CyberSec.Space Logo
返回 CVE 浏览器

CVE-2020-9407

MEDIUM
5.3
CVSS Severity Score
EPSS Score0.1130%
EPSS Percentile43.28th
Published2020年2月26日
Last Modified2024年11月21日

Vulnerability Description

IBL Online Weather before 4.3.5a allows attackers to obtain sensitive information by reading the IWEBSERVICE_JSONRPC_COOKIE cookie.

Affected Platforms (CPE)

📦
Iblsoft

Online Weather

< 4.3.5

References & Advisories

🔗 https://github.com/dawid-czarnecki/public-vulnerabilities/tree/master/Online_Weather
🔗 https://zigrin.com/advisories/online-weather-information-disclosure-in-cookie/
🔗 https://github.com/dawid-czarnecki/public-vulnerabilities/tree/master/Online_Weather
🔗 https://zigrin.com/advisories/online-weather-information-disclosure-in-cookie/

相关漏洞威胁

CVE-2020-94069.8

IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service.

CVE-2020-94056.1

IBL Online Weather before 4.3.5a allows unauthenticated reflected XSS via the redirect page.

CVE-2020-696610.0

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Ver...

CVE-2020-696110.0

In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Ve...