CVE-2020-14520

MISSING AUTHORIZATION CWE-862
The affected product is vulnerable to an information leak, which may allow an attacker to obtain sensitive information. An HTTP request to the unprotected API could be used to determine whether an arbitrary file path exists on the filesystem. No authentication is required to perform this exploit.

Risk Information

  • CVE ID
  • CVE-2020-14520
  • Vendor
  • Inductive Automation
  • Product
  • Ignition
  • CVSS v3
  • 7.5