Unencrypted Channel Vulnerability in Solstice Pod Web Services

Unencrypted Channel Vulnerability in Solstice Pod Web Services

CVE-2020-35584 · MEDIUM Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

In Solstice Pod before 3.0.3, the web services allow users to connect to them over unencrypted channels via the Browser Look-in feature. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the web services and obtain any information the user supplies, including Administrator passwords and screen keys.

Learn more about our Web App Pen Testing.