216.73.216.86

CVE-2020-36895

· Published 10/12/2025 21:16 · Modified 17/12/2025 19:22

Labels: CVE-2020-36895 2025-12-10CVE-2020-36895CWE-639[email protected]

Essential information

Published
10/12/2025 21:16
Modified
17/12/2025 19:22
Author
Creator
CVSS
8.7 HIGH (v3) 8.7 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

EIBIZ i-Media Server Digital Signage 3.8.0 contains an unauthenticated configuration disclosure vulnerability that allows remote attackers to access sensitive configuration files via direct object reference. Attackers can retrieve the SiteConfig.properties file through an HTTP GET request, exposing administrative credentials, database connection details, and system configuration information.

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
eibiz / i-media server digital signage cpe:2.3:a:eibiz:i-media_server_digital_signage:3.8.0:*:*:*:*:*:*:*

References