Client-Side Enforcement of Server-Side Security

CVE-2020-5345

Medium

6.4/10

Summary

Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an authorization bypass vulnerability. An authenticated malicious user may potentially execute commands to alter or stop database statistics.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: CHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: NONE
Availability Impact: LOW

CWE-602 - Client-Side Enforcement of Server-Side Security

The software is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.

References

Advisory Timeline

Published Jun 23, 2020

Client-Side Enforcement of Server-Side Security

CVE-2020-5345

Summary

CWE-602 - Client-Side Enforcement of Server-Side Security

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS