Information Disclosure Vulnerability in SMG Web UI Allows Unauthorized Access to Remote SCP Backup Server Password

Information Disclosure Vulnerability in SMG Web UI Allows Unauthorized Access to Remote SCP Backup Server Password

CVE-2020-12595 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

An information disclosure flaw allows a malicious, authenticated, privileged web UI user to obtain a password for a remote SCP backup server that they might not otherwise be authorized to access. This affects SMG prior to 10.7.4.

Learn more about our Web App Pen Testing.