CVE-2020-12715
Description
RainbowFish PacsOne Server 6.8.4 has Incorrect Access Control.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- RainbowFish/PacsOne Serverdescription
- Range: = 6.8.4
Patches
Vulnerability mechanics
Root cause
"Incorrect access control in PacsOne Server 6.8.4 allows unauthorized access to restricted resources or functionality."
Attack vector
An attacker can exploit incorrect access controls in PacsOne Server 6.8.4 to access resources or perform actions that should be restricted. The advisory does not detail the specific network path, preconditions, or payload shape required. Based on the general "Incorrect Access Control" classification, the attacker likely sends crafted HTTP requests to the web interface that bypass authorization checks, but no concrete attack vector is described in the bundle [ref_id=1].
Affected code
The advisory does not specify particular functions, files, or code paths. The vulnerability is described only as "Incorrect Access Control" in PacsOne Server version 6.8.4 [ref_id=1]. No patch or code-level detail is provided in the bundle.
What the fix does
No patch is included in the bundle. The vendor's download page lists subsequent releases (e.g., 7.2.1 through 7.3.9) with various bug fixes and security improvements, but none explicitly reference CVE-2020-12715 or the access control issue in version 6.8.4 [ref_id=1]. Without a published fix or advisory, the remediation guidance is unavailable from the provided materials.
Preconditions
- networkNetwork access to the PacsOne Server web interface
Generated on May 31, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
2- github.com/bzyo/cve-pocs/tree/master/CVE-2020-12715mitrex_refsource_MISC
- www.pacsone.net/download.htmmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.