ID de Prueba:	1.3.6.1.4.1.25623.1.0.145041
Categoría:	Privilege escalation
Título:	Sympa < 6.2.60 SOAP API Vulnerability
Resumen:	Sympa is prone to an authentication bypass vulnerability in the; SOAP API.
Descripción:	Summary: Sympa is prone to an authentication bypass vulnerability in the SOAP API. Vulnerability Insight: Sympa allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun. Vulnerability Impact: Successful exploitation may allow an unauthenticated attacker to execute arbitrary SOAP API calls. Affected Software/OS: Sympa version 6.2.58 and prior. Solution: Update to version 6.2.60 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2020-29668 Debian Security Information: DSA-4818 (Google Search) https://www.debian.org/security/2020/dsa-4818 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFZWDEKQFW3EH665OECDWIWM2MI7T53Y/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JICIHAJKKCZXJNIICUDYXGZFQCN6J4U6/ https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976020 https://github.com/sympa-community/sympa/blob/6.2.59b.2/NEWS.md https://github.com/sympa-community/sympa/issues/1041 https://github.com/sympa-community/sympa/pull/1044 https://lists.debian.org/debian-lts-announce/2020/12/msg00026.html
Copyright	Copyright (C) 2020 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.