CVE-2020-10800

High

8.1/10

Summary

lix through 15.8.7 allows man-in-the-middle attackers to execute arbitrary code by modifying the HTTP client-server data stream so that the Location header is associated with attacker-controlled executable content in the postDownload field.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

References

Advisory Timeline

Published Mar 21, 2020

CVE-2020-10800

Summary

References

Advisory Timeline

OWASP ZAP

HackerOne

KICS SaaS