What the vulnerability does

01Description

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow an unauthenticated attacker to discover the cryptographic key from the web server and gain information about the login and the encryption/decryption mechanism, which may be exploited to bypass authentication of the HTML5 HMI web interface.

Key dates

02Disclosure timeline

April 3, 2020 CVE published
August 4, 2024 Record updated