CVE-2020-35205: SSRF
First published: Mon Jan 11 2021(Updated: )
** UNSUPPORTED WHEN ASSIGNED ** Server Side Request Forgery (SSRF) in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to scan internal ports and make outbound connections via the initFile.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Quest Policy Authority For Unified Communications | =8.1.2.200 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-35205?
CVE-2020-35205 is a Server Side Request Forgery (SSRF) vulnerability in Web Compliance Manager in Quest Policy Authority version 8.1.2.200.
How severe is CVE-2020-35205?
CVE-2020-35205 has a severity level of 9.8 (Critical).
How does CVE-2020-35205 affect Quest Policy Authority?
CVE-2020-35205 allows attackers to scan internal ports and make outbound connections via the initFile.jsp file in Quest Policy Authority version 8.1.2.200.
What is the Common Vulnerabilities and Exposures (CVE) system?
The Common Vulnerabilities and Exposures (CVE) system is a dictionary of common names for publicly known cybersecurity vulnerabilities.
Is there a fix for CVE-2020-35205?
At the moment, there is no fix available for CVE-2020-35205. It is recommended to follow the suggestions provided by the vendor or security advisory.
- collector/nvd-index
- agent/references
- agent/type
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/description
- agent/event
- agent/tags
- vendor/quest
- canonical/quest policy authority for unified communications
- version/quest policy authority for unified communications/8.1.2.200