How severe is CVE-2020-26068?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2020-26068?

This is classified as CWE-639, which is a common weakness in software security.

CVE-2020-26068

MEDIUM Year: 2020

CVSS v3 Score

6.5

Medium

CVSS v2 Score

5.5

Medium

Weakness Type

CWE-639

View all →

Vulnerability Description

A vulnerability in the xAPI service of Cisco Telepresence CE Software and Cisco RoomOS Software could allow an authenticated, remote attacker to generate an access token for an affected device. The vulnerability is due to insufficient access authorization. An attacker could exploit this vulnerability by using the xAPI service to generate a specific token. A successful exploit could allow the attacker to use the generated token to enable experimental features on the device that should not be available to users.

CVE-2018-16606

MEDIUM

CVSS:6.5(Medium)

In ProConf before 6.1, an Insecure Direct Object Reference (IDOR) allows any author to view and grab all submitted papers (Title and Abstract) and their authors' personal information (Name, Email, Org...

CWE-6392018

CVE-2019-12252

MEDIUM

CVSS:6.5(Medium)

In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail&not...

CWE-6392019

CVE-2019-14245

MEDIUM

CVSS:6.5(Medium)

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete databases (such as oauthv2) from the server via an attacker account.

CWE-6392019

CVE-2019-14246

MEDIUM

CVSS:6.5(Medium)

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to discover phpMyAdmin passwords (of any user in /etc/passwd) via an attacker account.

CWE-6392019

CVE-2019-14721

MEDIUM

CVSS:6.5(Medium)

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to remove a target user from phpMyAdmin via an attacker account.

CWE-6392019

CVE-2019-15815

MEDIUM

CVSS:6.5(Medium)

ZyXEL P-1302-T10D v3 devices with firmware version 2.00(ABBX.3) and earlier do not properly enforce access control and could allow an unauthorized user to access certain pages that require admin privi...

CWE-6392019

CVE-2020-26068

Vulnerability Description

Related Vulnerabilities

CVE-2018-16606

CVE-2019-12252

CVE-2019-14245

CVE-2019-14246

CVE-2019-14721

CVE-2019-15815