CVE CVE-2020-15170 Mappings

apollo-adminservice before version 1.7.1 does not implement access controls. If users expose apollo-adminservice to internet(which is not recommended), there are potential security issues since apollo-adminservice is designed to work in intranet and it doesn't have access control built-in. Malicious hackers may access apollo-adminservice apis directly to access/edit the application's configurations. To fix the potential issue without upgrading, simply follow the advice that do not expose apollo-adminservice to internet.


Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
CVE-2020-15170 apollo primary_impact T1190 Exploit Public-Facing Application
CVE-2020-15170 apollo primary_impact T1478 Install Insecure or Malicious Configuration