← back
CVE-2020-21994

CVE-2020-21994

EPSS 3.7%
AVE DOMINAplus <=1.10.x suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file '/xml/authClients.xml' and obtain administrative login information that allows for a successful authentication bypass attack.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://cwe.mitre.org/data/definitions/522.htmlhttps://www.exploit-db.com/exploits/47819https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5550.php