CVE-2020-36923
Sony BRAVIA Digital Signage 1.7.8 Client-Side Protection Bypass via IDOR
Sony BRAVIA Digital Signage 1.7.8 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization controls. Attackers can access hidden system resources like '/#/content-creation' by manipulating client-side access restrictions.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Produtos afetados
Sony Electronics Inc. · Sony BRAVIA Digital SignageQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://cxsecurity.com/issue/WLB-2020120031https://exchange.xforce.ibmcloud.com/vulnerabilities/192607https://packetstormsecurity.com/files/160344https://pro-bravia.sony.nethttps://pro-bravia.sony.net/resources/software/bravia-signage/https://pro.sony/ue_US/products/display-softwarehttps://www.vulncheck.com/advisories/sony-bravia-digital-signage-client-side-protection-bypass-via-idorhttps://www.zeroscience.mk/codes/sonybravia_idor.txthttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5611.php