CVE-2020-3935
Published: 2020-02-11
Priority: P342 · high · 7.5 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
EPSS: 0.93% (56.0th percentile)
TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, stores users’ information in cleartext in the cookie, which divulges the password to attackers.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | nifi | — | — |
| secom | dr.id_access_control | — | — |
| secom | dr.id_attendance_system | < 3.3.0.3_20160517 | 3.3.0.3_20160517 |
| taiwan_secom_co_ltd | door_access_control_system | <= 3.3.2 | — |
| taiwan_secom_co_ltd | personnel_attendance_system | <= 3.3.0.3_20160517 | — |
CVSS provenance
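| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| vendor_apache | — | 5.3 | — | — |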
GHSA
GHSA-28fq-p2c7-42px: Secom Co
ghsa_unreviewed·2022-05-24
CVE-2020-3935 [MEDIUM] CWE-312 GHSA-28fq-p2c7-42px: Secom Co
Secom Co. Dr.ID, a Door Access Control and Personnel Attendance Management system, stores users’ information in cleartext in the cookie, which divulges the password to attackers.
Apache
Apache nifi: CVE-2020-1928
vendor_apache·CVSS 5.3
CVE-2020-1928 Apache nifi: CVE-2020-1928
Title: Potential Information Disclosure in Application Debug Logs
Published: 2020-01-22
Severity: Medium
Products: Apache NiFi
Affected Versions: 1.10.0
Fixed Versions: 1.11.0
Reporter: Andy LoPresto
References:
CVE Record: CVE-2020-1928
NVD Record: CVE-2020-1928
Apache Jira Issue: NIFI-6948
GitHub Pull Request: 3935

The sensitive parameter parser would log parsed property descriptor values for debugging purposes. This would expose literal values entered in a sensitive property when no parameter was present. NiFi 1.11.0 removed debug logging from the class. Users running the 1.10.0 release should upgrade to 1.11.0.
Severity: moderate
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://gist.github.com/chtsecurity/4db471b34c3959e5ab9ec31570e4760b
https://www.chtsecurity.com/news/1bb85fcd-9048-4587-b4d3-b18335572bac
https://www.twcert.org.tw/en/cp-139-3319-d7b65-2.html
Published: 2020-02-11