CVE-2020-26183 MEDIUM

CVE-2020-26183

Vendor Dell

Product NetWorker

Weakness CWE-285

Published October 16, 2020

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

6.8/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality None

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N

What the vulnerability does

01Description

Dell EMC NetWorker versions prior to 19.3.0.2 contain an improper authorization vulnerability. Certain remote users with low privileges may exploit this vulnerability to perform 'nsrmmdbd' operations in an unintended manner.

Key dates

02Disclosure timeline

October 16, 2020 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-26183

Related vulnerabilities

04Related CVE

CVE-2024-27916 `GetRepositoryByName`, `DeleteRepositoryByName` and `GetArtifactByName` allow access of arbitrary repositories in Minder by any authenticated user CVE-2023-0914 Improper Authorization in pixelfed/pixelfed CVE-2022-22269 CVE-2023-1910 Getwid – Gutenberg Blocks <= 1.8.3 - Improper Authorization via get_remote_templates REST endpoint CVE-2024-39412 Adobe Commerce | Improper Authorization (CWE-285)