{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T23:01:35.622","vulnerabilities":[{"cve":{"id":"CVE-2020-36948","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-01-27T16:16:12.213","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"VestaCP 0.9.8-26 contains a session token vulnerability in the LoginAs module that allows remote attackers to manipulate authentication tokens. Attackers can exploit insufficient token validation to access user accounts and perform unauthorized login requests without proper administrative permissions."},{"lang":"es","value":"VestaCP 0.9.8-26 contiene una vulnerabilidad de token de sesión en el módulo LoginAs que permite a atacantes remotos manipular tokens de autenticación. Los atacantes pueden explotar la validación insuficiente de tokens para acceder a cuentas de usuario y realizar solicitudes de inicio de sesión no autorizadas sin los permisos administrativos adecuados."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://vestacp.com/","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/49219","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/vestacp-loginas-insufficient-session-validation","source":"disclosure@vulncheck.com"},{"url":"https://www.vulnerability-lab.com/get_content.php?id=2240","source":"disclosure@vulncheck.com"},{"url":"https://www.vulnerability-lab.com/show.php?user=Benjamin%20K.M.","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/49219","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"},{"url":"https://www.vulnerability-lab.com/get_content.php?id=2240","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"},{"url":"https://www.vulnerability-lab.com/show.php?user=Benjamin%20K.M.","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}]}