A vulnerability has been identified in Opcenter Execution Core (V8.2), Opcenter Execution Core (V8.3). The application contains an information leakage vulnerability in the handling of web client sessions. A local attacker who has access to the Web Client Session Storage could disclose the passwords of currently logged-in users.
References
Link | Resource |
---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-604937.pdf | Vendor Advisory |
https://www.zerodayinitiative.com/advisories/ZDI-21-051/ | Not Applicable |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: siemens
Published: 2021-01-12T20:18:36
Updated: 2021-01-14T17:06:15
Reserved: 2020-11-10T00:00:00
Link: CVE-2020-28390
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-01-12T21:15:18.043
Modified: 2021-01-20T18:45:44.143
Link: CVE-2020-28390
JSON object: View
Redhat Information
No data.
CWE