CVE-2020-18305

HIGH Year: 2020
CVSS v3 Score
8.0
High
Weakness Type
CWE-287
View all →

Vulnerability Description

Extreme Networks EXOS before v.22.7 and before v.30.2 was discovered to contain an issue in its Web GUI which fails to restrict URL access, allowing attackers to access sensitive information or escalate privileges.

Related Vulnerabilities

CVE-2020-10916

HIGH
CVSS:8.0(High)

This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of TP-Link TL-WA855RE Firmware Ver: 855rev4-up-ver1-0-1-P1[20191213-rel60361] Wi-Fi extenders. Alt...

CWE-2872020

CVE-2021-41503

HIGH
CVSS:8.0(High)

DCS-5000L v1.05 and DCS-932L v2.17 and older are affecged by Incorrect Acess Control. The use of the basic authentication for the devices command interface allows attack vectors that may compromise th...

CWE-2872021

CVE-2025-27254

HIGH
CVSS:8.0(High)

Improper Authentication vulnerability in GE Vernova EnerVista UR Setup allows Authentication Bypass. The software's startup authentication can be disabled by altering a Windows registry setting that a...

CWE-2872025

CVE-2014-0927

HIGH
CVSS:8.1(High)

The ActiveMQ admin user interface in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote attackers to bypass authentication by leveraging knowledge of the port ...

CWE-2872014

CVE-2014-3999

HIGH
CVSS:8.1(High)

The Horde_Ldap library before 2.0.6 for Horde allows remote attackers to bypass authentication by leveraging knowledge of the LDAP bind user DN.

CWE-2872014

CVE-2015-0102

HIGH
CVSS:8.1(High)

IBM Workflow for Bluemix does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission wit...

CWE-2872015