CVE Daily

CVE-2020-35584

In Solstice Pod before 3.0.3, the web services allow users to connect to them ov...

Medium CVSS 5.9

Overview

In Solstice Pod before 3.0.3, the web services allow users to connect to them over unencrypted channels via the Browser Look-in feature. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the web services and obtain any information the user supplies, including Administrator passwords and screen keys.

CWE: CWE-319 Published: 2020-12-23T15:15:16.120
Risk analysis

This vulnerability is rated 🟡 MEDIUM.

  • CVSS: 5.9 (MEDIUM)
  • Detected tags: none (tag impact: LOW)

Recommended actions:

  • Prioritize remediation based on business criticality and exposure.
  • Limit exposure and increase monitoring until fixed.

Recommended tools

Tags