CVE-2020-8995
CRITICALbilanc < 014_31.01.2020 - Use of Hard-coded Credentials
Title source: llmDescription
Programi Bilanc Build 007 Release 014 31.01.2020 supplies a .exe file containing several hardcoded credentials to different servers that allow remote attackers to gain access to the complete infrastructure including the website, update server, and external issue tracking tools.
References (2)
Core 2
Core References
Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Dec/38
Third Party Advisory, VDB Entry x_refsource_misc
https://packetstormsecurity.com/files/160626/Programi-Bilanc-Build-007-Release-014-31.01.2020-Hardcoded-Credentials.html
Scores
CVSS v3
9.8
EPSS
0.0214
EPSS Percentile
79.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-798
Status
published
Products (1)
bilanc/bilanc
< 014_31.01.2020
Published
Dec 21, 2020
Tracked Since
Feb 18, 2026