CVE-2020-36923
Sony BRAVIA Digital Signage 1.7.8 Client-Side Protection Bypass via IDOR
Sony BRAVIA Digital Signage 1.7.8 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization controls. Attackers can access hidden system resources like '/#/content-creation' by manipulating client-side access restrictions.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Productos afectados
Sony Electronics Inc. · Sony BRAVIA Digital Signage¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://cxsecurity.com/issue/WLB-2020120031https://exchange.xforce.ibmcloud.com/vulnerabilities/192607https://packetstormsecurity.com/files/160344https://pro-bravia.sony.nethttps://pro-bravia.sony.net/resources/software/bravia-signage/https://pro.sony/ue_US/products/display-softwarehttps://www.vulncheck.com/advisories/sony-bravia-digital-signage-client-side-protection-bypass-via-idorhttps://www.zeroscience.mk/codes/sonybravia_idor.txthttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5611.php