Revisions

  • 1.0: April 27, 2020, Initial release

Summary

APTARE version 10.4 contains fixes to several security issues. It is recommended that Veritas customers update APTARE software to the latest 10.4 release.

Description

APTARE 10.4 address the following security vulnerabilities:

Issue Description Severity Fixed version

1

Sensitive Information Disclosure

High

10.4

2

Authentication Weakness

Medium

10.4

3

Authorization Bypass

Medium

10.4

4

Information Disclosure

Medium

10.4

Issues

Issue Description CVE ID Severity CVSS v3.1 Base Score Note

#1

Sensitive Information Disclosure

CVE-2020-12875

High

7.5
(AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

APTARE versions prior to 10.4 allowed sensitive information to be accessible without authentication.

#2

Authentication Weakness

CVE-2020-12876

Medium

6.5
(AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

APTARE versions prior to 10.4 included code that bypassed the normal login process when specific authentication credentials were provided to the server.

#3

Authorization Bypass

CVE-2020-12877

Medium

6.3
(AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)

APTARE versions prior to 10.4 did not perform adequate authorization checks. An authenticated user could gain unauthorized access to sensitive information or functionality by manipulating specific parameters within the application.

#4

Information Disclosure

CVE-2020-12878

Medium

5.3
(AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

APTARE versions prior to 10.4 allowed remote users to access several unintended files on the server. This vulnerability only impacted Windows server deployments.

Issues

Issue #1

Sensitive Information Disclosure

APTARE versions prior to 10.4 allowed sensitive information to be accessible without authentication.

Issue #2

Authentication Weakness

APTARE versions prior to 10.4 included code that bypassed the normal login process when specific authentication credentials were provided to the server.

Issue #3

Authorization Bypass

APTARE versions prior to 10.4 did not perform adequate authorization checks. An authenticated user could gain unauthorized access to sensitive information or functionality by manipulating specific parameters within the application.

Issue #4

Information Disclosure

APTARE versions prior to 10.4 allowed remote users to access several unintended files on the server. This vulnerability only impacted Windows server deployments.