AMSS++ 4.7 contains an authentication bypass vulnerability that allows attackers to access administrative accounts using hardcoded credentials. Attackers can log in with the default admin username and password '1234' to gain unauthorized administrative access to the system.
PUBLISHED5.2CWE-798
AMSS++ 4.7 - Backdoor Admin Account
Problem type
Affected products
Amssplus
AMSS++
4.7 - AFFECTED
References
ExploitDB-48114
https://www.exploit-db.com/exploits/48114
VulnCheck Advisory: AMSS++ 4.7 - Backdoor Admin Account
https://www.vulncheck.com/advisories/amss-backdoor-admin-account
GitHub Security Advisories
GHSA-ffff-75w5-5j62
AMSS++ 4.7 contains an authentication bypass vulnerability that allows attackers to access...
https://github.com/advisories/GHSA-ffff-75w5-5j62AMSS++ 4.7 contains an authentication bypass vulnerability that allows attackers to access administrative accounts using hardcoded credentials. Attackers can log in with the default admin username and password '1234' to gain unauthorized administrative access to the system.
JSON source
https://cveawg.mitre.org/api/cve/CVE-2020-37135Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2020-37135",
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"dateUpdated": "2026-02-06T23:14:07.110Z",
"dateReserved": "2026-02-03T16:27:45.307Z",
"datePublished": "2026-02-06T23:14:07.110Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck",
"dateUpdated": "2026-02-06T23:14:07.110Z"
},
"datePublic": "2020-02-23T00:00:00.000Z",
"title": "AMSS++ 4.7 - Backdoor Admin Account",
"descriptions": [
{
"lang": "en",
"value": "AMSS++ 4.7 contains an authentication bypass vulnerability that allows attackers to access administrative accounts using hardcoded credentials. Attackers can log in with the default admin username and password '1234' to gain unauthorized administrative access to the system."
}
],
"affected": [
{
"vendor": "Amssplus",
"product": "AMSS++",
"versions": [
{
"version": "4.7",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "Use of Hard-coded Credentials",
"cweId": "CWE-798",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://www.exploit-db.com/exploits/48114",
"name": "ExploitDB-48114",
"tags": [
"exploit"
]
},
{
"url": "https://www.vulncheck.com/advisories/amss-backdoor-admin-account",
"name": "VulnCheck Advisory: AMSS++ 4.7 - Backdoor Admin Account",
"tags": [
"third-party-advisory"
]
}
],
"metrics": [
{
"format": "CVSS"
},
{
"format": "CVSS",
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
}
}
],
"credits": [
{
"lang": "en",
"value": "indoushka",
"type": "finder"
}
]
}
}
}