Revisions
- 1.0: October 14, 2020, Initial release
Summary
APTARE version 10.5 contains fixes for security issues. It is recommended that Veritas customers update APTARE software to the latest 10.5 release.
Description
APTARE 10.5 address the following security vulnerabilities:
| Issue | Description | Severity | Fixed version |
|---|---|---|---|
|
1 |
Critical |
10.5 |
|
|
2 |
High |
10.5 |
Issues
Issue #1
Authorization Bypass
- CVE ID: CVE-2020-27156
- Severity: Critical
- CVSS v3.1 Base Score 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
APTARE versions prior to 10.5 did not perform adequate authorization checks. This vulnerability could allow for remote code execution by an unauthenticated user.
Issue #2
Authentication Weakness - Login Process Bypass
- CVE ID: CVE-2020-27157
- Severity: High
- CVSS v3.1 Base Score: 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
APTARE versions prior to 10.5 included code that bypassed the normal login process when specific authentication credentials were provided to the server. An unauthenticated user could login to the application and gain access to the data and functionality limited to that which the targeted user account has access.