Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities by tsmmanager
CVE-2020-28054 (GCVE-0-2020-28054)
Vulnerability from cvelistv5 – Published: 2020-11-19 15:15 – Updated: 2024-08-04 16:33
VLAI
Summary
JamoDat TSMManager Collector version up to 6.5.0.21 is vulnerable to an Authorization Bypass because the Collector component is not properly validating an authenticated session with the Viewer. If the Viewer has been modified (binary patched) and the Bypass Login functionality is being used, an attacker can request every Collector's functionality as if they were a properly logged-in user: administrating connected instances, reviewing logs, editing configurations, accessing the instances' consoles, accessing hardware configurations, etc.Exploiting this vulnerability won't grant an attacker access nor control on remote ISP servers as no credentials is sent with the request.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://voidsec.com | x_refsource_MISC |
| https://tsmmanager.com | x_refsource_MISC |
| https://voidsec.com/tivoli-madness/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:33:56.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://voidsec.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tsmmanager.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://voidsec.com/tivoli-madness/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "JamoDat TSMManager Collector version up to 6.5.0.21 is vulnerable to an Authorization Bypass because the Collector component is not properly validating an authenticated session with the Viewer. If the Viewer has been modified (binary patched) and the Bypass Login functionality is being used, an attacker can request every Collector\u0027s functionality as if they were a properly logged-in user: administrating connected instances, reviewing logs, editing configurations, accessing the instances\u0027 consoles, accessing hardware configurations, etc.Exploiting this vulnerability won\u0027t grant an attacker access nor control on remote ISP servers as no credentials is sent with the request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-19T15:15:55.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://voidsec.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tsmmanager.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://voidsec.com/tivoli-madness/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-28054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "JamoDat TSMManager Collector version up to 6.5.0.21 is vulnerable to an Authorization Bypass because the Collector component is not properly validating an authenticated session with the Viewer. If the Viewer has been modified (binary patched) and the Bypass Login functionality is being used, an attacker can request every Collector\u0027s functionality as if they were a properly logged-in user: administrating connected instances, reviewing logs, editing configurations, accessing the instances\u0027 consoles, accessing hardware configurations, etc.Exploiting this vulnerability won\u0027t grant an attacker access nor control on remote ISP servers as no credentials is sent with the request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://voidsec.com",
"refsource": "MISC",
"url": "https://voidsec.com"
},
{
"name": "https://tsmmanager.com",
"refsource": "MISC",
"url": "https://tsmmanager.com"
},
{
"name": "https://voidsec.com/tivoli-madness/",
"refsource": "MISC",
"url": "https://voidsec.com/tivoli-madness/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-28054",
"datePublished": "2020-11-19T15:15:55.000Z",
"dateReserved": "2020-11-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:33:56.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-28054 (GCVE-0-2020-28054)
Vulnerability from nvd – Published: 2020-11-19 15:15 – Updated: 2024-08-04 16:33
VLAI
Summary
JamoDat TSMManager Collector version up to 6.5.0.21 is vulnerable to an Authorization Bypass because the Collector component is not properly validating an authenticated session with the Viewer. If the Viewer has been modified (binary patched) and the Bypass Login functionality is being used, an attacker can request every Collector's functionality as if they were a properly logged-in user: administrating connected instances, reviewing logs, editing configurations, accessing the instances' consoles, accessing hardware configurations, etc.Exploiting this vulnerability won't grant an attacker access nor control on remote ISP servers as no credentials is sent with the request.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://voidsec.com | x_refsource_MISC |
| https://tsmmanager.com | x_refsource_MISC |
| https://voidsec.com/tivoli-madness/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:33:56.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://voidsec.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tsmmanager.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://voidsec.com/tivoli-madness/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "JamoDat TSMManager Collector version up to 6.5.0.21 is vulnerable to an Authorization Bypass because the Collector component is not properly validating an authenticated session with the Viewer. If the Viewer has been modified (binary patched) and the Bypass Login functionality is being used, an attacker can request every Collector\u0027s functionality as if they were a properly logged-in user: administrating connected instances, reviewing logs, editing configurations, accessing the instances\u0027 consoles, accessing hardware configurations, etc.Exploiting this vulnerability won\u0027t grant an attacker access nor control on remote ISP servers as no credentials is sent with the request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-19T15:15:55.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://voidsec.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tsmmanager.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://voidsec.com/tivoli-madness/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-28054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "JamoDat TSMManager Collector version up to 6.5.0.21 is vulnerable to an Authorization Bypass because the Collector component is not properly validating an authenticated session with the Viewer. If the Viewer has been modified (binary patched) and the Bypass Login functionality is being used, an attacker can request every Collector\u0027s functionality as if they were a properly logged-in user: administrating connected instances, reviewing logs, editing configurations, accessing the instances\u0027 consoles, accessing hardware configurations, etc.Exploiting this vulnerability won\u0027t grant an attacker access nor control on remote ISP servers as no credentials is sent with the request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://voidsec.com",
"refsource": "MISC",
"url": "https://voidsec.com"
},
{
"name": "https://tsmmanager.com",
"refsource": "MISC",
"url": "https://tsmmanager.com"
},
{
"name": "https://voidsec.com/tivoli-madness/",
"refsource": "MISC",
"url": "https://voidsec.com/tivoli-madness/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-28054",
"datePublished": "2020-11-19T15:15:55.000Z",
"dateReserved": "2020-11-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:33:56.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}