CVE-2022-26975: Knowledge base

Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing log files without authentication.

Summary:

A vulnerability was identified in the Barco Control Room Management Suite web application that allows remote attackers to access log files without authentication. An unauthenticated remote attacker can read the log files stored by the server. As a result, the attacker can access the different kinds of data already written to those log files and could potentially use this information to create crafted requests and perform advanced attacks.

Issue severity:

Medium

Source:

The issue was reported to Barco through Barco’s responsible disclosure program by security researcher Murat Aydemir.

Affected products:

All versions of the Barco Control Room Management Suite web application before the 3.14.1 release.

Fixed software:

The fix is available as part of Barco’s TransForm N 3.14.1 release. It is highly recommended to apply the fixes as part of this package. Further details of the release package are available in the release notes here.

TransForm N (TFN) is Barco’s visualization platform, consisting of display wall controller output nodes, input nodes, system and gateway nodes, and the Control room Management software Suite (CMS). TransForm N helps control room professionals collect all possible types of source data, then organize and transform that data in the most efficient and transparent way to create visual information on display walls.

Properties

[KB12677]

Last updated May 24 2022
