Unauthenticated Remote Reading of Self-Diagnostic Archive in InterMind iMind Server through 3.13.65

CVE-2020-24765 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

InterMind iMind Server through 3.13.65 allows remote unauthenticated attackers to read the self-diagnostic archive via a direct api/rs/monitoring/rs/api/system/dump-diagnostic-info?server=127.0.0.1 request.
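
A detection check for the request described above, as an added example that is not part of the original advisory or of InterMind's code: it scans web access logs for requests to the dump-diagnostic-info endpoint, normalizing percent-encoding and dot segments before comparing. The combined log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Endpoint path named in the advisory.
VULN_PATH = "/api/rs/monitoring/rs/api/system/dump-diagnostic-info"

# Assumption: a front-end proxy writes Apache/nginx "combined" access logs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Oct/2020:10:01:02 +0000] "GET /api/rs/monitoring/rs/api/system/dump-diagnostic-info?server=127.0.0.1 HTTP/1.1" 200 48211 "-" "curl/7.68.0"',
    '198.51.100.9 - - [12/Oct/2020:10:05:40 +0000] "GET /api/rs/monitoring/rs/api/system/%64ump-diagnostic-info?server=127.0.0.1 HTTP/1.1" 403 0 "-" "-"',
    '192.0.2.15 - - [12/Oct/2020:10:06:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Oct/2020:10:07:13 +0000] "GET //api/rs/x/../monitoring/rs/api/system/dump-diagnostic-info HTTP/1.1" 200 48190 "-" "-"',
]

def normalize(target):
    """Reduce a request target to a canonical lower-case path so that
    encoded or padded spellings of the endpoint compare equal."""
    path = target.split("?", 1)[0]      # drop the query string
    for _ in range(2):                  # second pass catches double encoding
        path = unquote(path)
    path = posixpath.normpath("/" + path.lstrip("/"))  # collapse //, /./, /../
    return path.lower()                 # case-folded to stay conservative

def scan(lines):
    """Return one finding per logged request that reaches the endpoint."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m or normalize(m["target"]) != VULN_PATH:
            continue
        # A 2xx reply with a body means the archive was most likely returned.
        served = m["status"].startswith("2") and m["size"] not in ("-", "0")
        findings.append({"line": n, "ip": m["ip"], "ts": m["ts"],
                         "status": int(m["status"]),
                         "verdict": "archive-served" if served else "probe"})
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Any "archive-served" finding should be treated as disclosure of the diagnostic archive's contents; "probe" findings show the endpoint was requested without a successful response.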
