← back
CVE-2020-14946

CVE-2020-14946

23Vexday Risk Score

No sign of exploitation. It has a public proof of concept.

ssvc Attendepss 7.7%
from disclosure to weapon22 days
Published on NVDJun 22
1st PoC+22d
exploitation probability
7.7%top 6% of all CVEs
observed exploitation
nono source reports it
2 public exploit(s)
downloadFile.ashx in the Administrator section of the Surveillance module in Global RADAR BSA Radar 1.6.7234.24750 and earlier allows users to download transaction files. When downloading the files, a user is able to view local files on the web server by manipulating the FileName and FilePath parameters in the URL, or while using a proxy. This vulnerability could be used to view local sensitive files or configuration files.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.