CVE-2020-9449
Published Feb 28, 2020
Last updated 5 years ago
Overview
- Description
- An insecure random number generation vulnerability in BlaB! AX, BlaB! AX Pro, BlaB! WS (client), and BlaB! WS Pro (client) version 19.11 allows an attacker (with a guest or user session cookie) to escalate privileges by retrieving the cookie salt value and creating a valid session cookie for an arbitrary user or admin.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 6.5
- Impact score
- 6.4
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-330
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:justblab:blab\\!_ax:19.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F29617BC-522D-4DE2-A94D-77D94B52E36F"
},
{
"criteria": "cpe:2.3:a:justblab:blab\\!_ax_pro:19.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "56B54B11-B1D4-430D-B2C5-831FD6823C22"
},
{
"criteria": "cpe:2.3:a:justblab:blab\\!_ws:19.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B5A22F32-1CB8-4AEC-8438-18094C028557"
},
{
"criteria": "cpe:2.3:a:justblab:blab\\!_ws_pro:19.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9A983549-0445-47E5-884E-8B32F0D1655F"
}
],
"operator": "OR"
}
]
}
]