CVE-2020-13963
First published: Sun Mar 21 2021(Updated: )
SOPlanning before 1.47 has Incorrect Access Control because certain secret key information, and the related authentication algorithm, is public. The key for admin is hardcoded in the installation code, and there is no key for publicsp (which is a guest account).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Soplanning Soplanning | >=1.45<1.47 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-13963?
CVE-2020-13963 is a vulnerability in SOPlanning before version 1.47 that allows incorrect access control due to certain secret key information and the related authentication algorithm being public.
What is the severity of CVE-2020-13963?
The severity of CVE-2020-13963 is critical with a CVSS score of 9.8.
How does CVE-2020-13963 affect SOPlanning?
CVE-2020-13963 affects SOPlanning versions before 1.47 by exposing certain secret key information and not having a key for the guest account.
How can I fix CVE-2020-13963 in SOPlanning?
To fix CVE-2020-13963 in SOPlanning, update to version 1.47 or later.
Where can I find more information about CVE-2020-13963?
More information about CVE-2020-13963 can be found in the following references: [1] [2] [3]
- collector/nvd-index
- vendor/soplanning
- canonical/soplanning soplanning
- version/soplanning soplanning/1.45