How severe is CVE-2020-8142?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2020-8142?

This is classified as CWE-863, which is a common weakness in software security.

CVE-2020-8142

MEDIUM Year: 2020

CVSS v3 Score

6.8

Medium

CVSS v2 Score

4.6

Medium

Weakness Type

CWE-863

View all →

Vulnerability Description

A security restriction bypass vulnerability has been discovered in Revive Adserver version < 5.0.5 by HackerOne user hoangn144. Revive Adserver, like many other applications, requires the logged in user to type the current password in order to change the e-mail address or the password. It was however possible for anyone with access to a Revive Adserver admin user interface to bypass such check and change e-email address or password of the currently logged in user by altering the form payload.The attack requires physical access to the user interface of a logged in user. If the POST payload was altered by turning the “pwold” parameter into an array, Revive Adserver would fetch and authorise the operation even if no password was provided.

CVE-2013-2673

MEDIUM

CVSS:6.8(Medium)

Brother MFC-9970CDW 1.10 firmware L devices contain a security bypass vulnerability which allows physically proximate attackers to gain unauthorized access.

CWE-8632013

CVE-2017-12115

MEDIUM

CVSS:6.8(Medium)

An exploitable improper authorization vulnerability exists in miner_setEtherbase API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to...

CWE-8632017

CVE-2017-12116

MEDIUM

CVSS:6.8(Medium)

An exploitable improper authorization vulnerability exists in miner_setGasPrice API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to ...

CWE-8632017

CVE-2017-16858

MEDIUM

CVSS:6.8(Medium)

The 'crowd-application' plugin module (notably used by the Google Apps plugin) in Atlassian Crowd from version 1.5.0 before version 3.1.2 allowed an attacker to impersonate a Crowd user in REST reques...

CWE-8632017

CVE-2018-7366

MEDIUM

CVSS:6.8(Medium)

ZTE ZXV10 B860AV2.1 product ChinaMobile branch with the ICNT versions up to V1.3.3, the BESTV versions up to V1.2.2, the WASU versions up to V1.1.7 and the MGTV versions up to V1.4.6 have an authentic...

CWE-8632018

CVE-2018-7925

MEDIUM

CVSS:6.8(Medium)

The radio module of some Huawei smartphones Emily-AL00A The versions before 8.1.0.171(C00) have a lock-screen bypass vulnerability. An unauthenticated attacker could start third-part input method APP ...

CWE-8632018

CVE-2020-8142

Vulnerability Description

Related Vulnerabilities

CVE-2013-2673

CVE-2017-12115

CVE-2017-12116

CVE-2017-16858

CVE-2018-7366

CVE-2018-7925