SB2021040905 - Multiple vulnerabilities in Dream Report platform 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2021040905

SB2021040905 - Multiple vulnerabilities in Dream Report platform

Published: April 9, 2021

Security Bulletin ID SB2021040905
Severity
High
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Incorrect default permissions (CVE-ID: CVE-2020-13532)

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to incorrect default permissions for files and folders that are set by the application in the "Syncfusion Dashboard Service". A remote attacker can use a specially crafted file and gain elevated privileges on the target system.


2) Incorrect default permissions (CVE-ID: CVE-2020-13533)

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to incorrect default permissions for files and folders that are set by the application in the "ods_rtm_launch" and "ods_usc" Run Keys. A remote attacker can use a specially crafted file and gain elevated privileges on the target system.


3) Incorrect default permissions (CVE-ID: CVE-2020-13534)

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to incorrect default permissions for files and folders in DCOM Server Application. A remote attacker can use a specially crafted file and gain elevated privileges on the target system.


Remediation

Install update from vendor's website.

References