CVE-2020-36895

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-36895

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-36895.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-36895

Published

2025-12-10T21:16:01.900Z

Modified

2026-03-15T22:38:11.309218Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

EIBIZ i-Media Server Digital Signage 3.8.0 contains an unauthenticated configuration disclosure vulnerability that allows remote attackers to access sensitive configuration files via direct object reference. Attackers can retrieve the SiteConfig.properties file through an HTTP GET request, exposing administrative credentials, database connection details, and system configuration information.

References

Affected packages

Git /

Affected ranges

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "3.8.0"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-36895.json"