RSS   Vulnerabilities for 'Nhiservisignadapter'   RSS

2020-12-31
 
CVE-2020-25846

CWE-601
 

 
The digest generation function of NHIServiSignAdapter has not been verified for source file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user's credential.

 
 
CVE-2020-25845

CWE-601
 

 
Multiple functions of NHIServiSignAdapter failed to verify the users�?? file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user's credential.

 
 
CVE-2020-25844

CWE-787
 

 
The digest generation function of NHIServiSignAdapter has not been verified for parameter�??s length, which leads to a stack overflow loophole. Remote attackers can use the leak to execute code without privilege.

 


Copyright 2024, cxsecurity.com

 

Back to Top