cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

CVE-2020-12083 Remediated in Code Insight

CVE-2020-12083 Remediated in Code Insight

Summary

An elevated privileges issue was identified in Code Insight v7.x releases up to and including 2020 R1 (7.11.0-64).  

Symptoms

**** Only the following information is permitted to be distributed to users of products enabled with Code Insight:

- CVE number (if available)

- CWE ID

- CVSS scores

- Any publicly available information

****

The elevated privileges issue allows unauthorized users to use Spring MVC calls to access projects for critical business use cases. This issue was assigned a CVSS v3 score of 8.0; that is high severity.

Resolution

Code Insight 2020 R1 SP1 release (7.11.1-7) or later address the elevated privilege issue. This version (or greater) is available for download on the Product and License Center. We advise Code Insight customers to update to the latest version. 

Additional Information

For identifying this vulnerability and disclosing it to Revenera under a responsible disclosure process, we'd like to thank Goutham Madhwaraj

Related Documents

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12083

Labels (1)
No ratings
Version history
Last update:
‎Nov 16, 2020 01:22 PM
Updated by:
Contributors