CVE-2020-36161
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2020-36161
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
An issue was discovered in Veritas APTARE 10.4 before 10.4P9 and 10.5 before 10.5P3. By default, on Windows systems, users can create directories under C:\. A low privileged user can create a directory at the configuration file locations. When the Windows system restarts, a malicious OpenSSL engine could exploit arbitrary code execution as SYSTEM. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Veritas APTARE 访问控制错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Veritas Technologies APTARE是美国Veritas Technologies公司的一套备份、存储和虚拟基础架构的预测分析软件。该软件支持存储管理和数据中心优化等功能。 Veritas APTARE 存在访问控制错误漏洞,攻击者可利用该漏洞(默认情况下)访问所有数据、访问所有安装的应用程序等。以下产品及型号受到影响:Veritas APTARE 版本 10.4 至 版本 10.4P9 ,Veritas APTARE 版本 10.5 至 10.5P3。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2020-36161
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2020-36161
请登录查看更多情报信息。
- https://www.veritas.com/content/support/en_US/security/VTS20-009x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2020-36161
Same Patch Batch · n/a · 2021-01-06 · 53 CVEs total
| CVE-2020-36168 | 9.3 CRITICAL | Veritas Resiliency Platform 安全漏洞 |
| CVE-2020-36167 | 9.3 CRITICAL | Veritas Backup Exec 代码问题漏洞 |
| CVE-2020-36166 | 9.3 CRITICAL | 多款Veritas产品安全漏洞 |
| CVE-2020-36165 | 9.3 CRITICAL | Veritas Desktop and Laptop Option 访问控制错误漏洞 |
| CVE-2020-36164 | 9.3 CRITICAL | Veritas Enterprise Vault 安全漏洞 |
| CVE-2020-36163 | 9.3 CRITICAL | Veritas NetBackup Opscenter 安全漏洞 |
| CVE-2020-36162 | 9.3 CRITICAL | Veritas CloudPoint 安全漏洞 |
| CVE-2020-36160 | 9.3 CRITICAL | Veritas System Recovery 安全漏洞 |
| CVE-2020-36169 | 9.3 CRITICAL | Veritas NetBackup和Veritas NetBackup Opscenter 访问控制错误漏洞 |
| CVE-2020-8281 | Nextcloud 跨站脚本漏洞 | |
| CVE-2020-25498 | Beetel router 777VR1 跨站脚本漏洞 | |
| CVE-2020-8275 | Citrix Secure Mail For Android 访问控制错误漏洞 | |
| CVE-2020-29041 | Web-Sesame 安全漏洞 | |
| CVE-2020-36179 | FasterXML jackson-databind 代码问题漏洞 | |
| CVE-2020-36178 | Tp-link TL-WR840N 操作系统命令注入漏洞 | |
| CVE-2020-8274 | Citrix Secure Mail For Android 代码注入漏洞 | |
| CVE-2020-8280 | Nextcloud 跨站脚本漏洞 | |
| CVE-2020-8264 | Rails 跨站脚本漏洞 | |
| CVE-2020-35262 | Digisol Systems DG-HR3400 跨站脚本漏洞 | |
| CVE-2019-16962 | ZOHO ManageEngine Desktop Central 注入漏洞 |
Showing top 20 of 53 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
V. Comments for CVE-2020-36161
No comments yet