Lucene search

[email protected]NVD:CVE-2020-28052

HistoryDec 18, 2020 - 1:15 a.m.

CVE-2020-28052

2020-12-1801:15:12

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

77.6%

JSON

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.

Affected configurations

NVD

Node

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.65

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.66

Node

apachekarafMatch4.3.2

Node

oraclebanking_corporate_lending_process_managementMatch14.2.0

oraclebanking_corporate_lending_process_managementMatch14.3.0

oraclebanking_corporate_lending_process_managementMatch14.5.0

oraclebanking_credit_facilities_process_managementMatch14.2.0

oraclebanking_credit_facilities_process_managementMatch14.3.0

oraclebanking_credit_facilities_process_managementMatch14.5.0

oraclebanking_extensibility_workbenchMatch14.2.0

oraclebanking_extensibility_workbenchMatch14.3.0

oraclebanking_extensibility_workbenchMatch14.5.0

oraclebanking_supply_chain_financeMatch14.2.0

oraclebanking_supply_chain_financeMatch14.3.0

oraclebanking_supply_chain_financeMatch14.5.0

oraclebanking_virtual_account_managementMatch14.2.0

oraclebanking_virtual_account_managementMatch14.3.0

oraclebanking_virtual_account_managementMatch14.5.0

oracleblockchain_platformRange<21.1.2

oraclecommerce_guided_searchMatch11.3.2

oraclecommunications_application_session_controllerMatch3.9m0p3

oraclecommunications_cloud_native_core_network_slice_selection_functionMatch1.2.1

oraclecommunications_convergenceMatch3.0.2.2.0

oraclecommunications_pricing_design_centerMatch12.0.0.3.0

oraclecommunications_session_report_managerRange8.0.0–8.2.4.0

oraclecommunications_session_route_managerRange8.2.0–8.2.4

oraclejd_edwards_enterpriseone_toolsRange≤9.2.5.3

oraclepeoplesoft_enterprise_peopletoolsMatch8.56

oraclepeoplesoft_enterprise_peopletoolsMatch8.57

oraclepeoplesoft_enterprise_peopletoolsMatch8.58

oracleutilities_frameworkMatch4.3.0.6.0

oracleutilities_frameworkMatch4.4.0.0.0

oracleutilities_frameworkMatch4.4.0.2.0

oracleutilities_frameworkMatch4.4.0.3.0

oraclewebcenter_portalMatch11.1.1.9.0

oraclewebcenter_portalMatch12.2.1.3.0

oraclewebcenter_portalMatch12.2.1.4.0

oraclecommunications_messaging_serverMatch8.0.2

oraclecommunications_messaging_serverMatch8.1

References

github.com/bcgit/bc-java/wiki/CVE-2020-28052

lists.apache.org/thread.html/r167dbc42ef7c59802c2ca1ac14735ef9cf687c25208229993d6206fe%40%3Cissues.karaf.apache.org%3E

lists.apache.org/thread.html/r175f5a25d100dbe2b1bd3459b3ce882a84c3ff91b120ed4ff2d57b53%40%3Ccommits.pulsar.apache.org%3E

lists.apache.org/thread.html/r25d53acd06f29244b8a103781b0339c5e7efee9099a4d52f0c230e4a%40%3Ccommits.druid.apache.org%3E

lists.apache.org/thread.html/r2ddabd06d94b60cfb0141e4abb23201c628ab925e30742f61a04d013%40%3Cissues.karaf.apache.org%3E

lists.apache.org/thread.html/r30a139c165b3da6e0d5536434ab1550534011b1fdfcd2f5d95892c5b%40%3Cissues.karaf.apache.org%3E

lists.apache.org/thread.html/r37d332c0bf772f4982d1fdeeb2f88dd71dab6451213e69e43734eadc%40%3Ccommits.pulsar.apache.org%3E

lists.apache.org/thread.html/r4e1619cfefcd031fac62064a3858f5c9229eef907bd5d8ef14c594fc%40%3Cissues.karaf.apache.org%3E

lists.apache.org/thread.html/r77af3ac7c3bfbd5454546e13faf7aec21d627bdcf36c9ca240436b94%40%3Cissues.karaf.apache.org%3E

lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e%40%3Cissues.solr.apache.org%3E

lists.apache.org/thread.html/r954d80fd18e9dafef6e813963eb7e08c228151c2b6268ecd63b35d1f%40%3Ccommits.druid.apache.org%3E

lists.apache.org/thread.html/rc9e441c1576bdc4375d32526d5cf457226928e9c87b9f54ded26271c%40%3Cissues.karaf.apache.org%3E

lists.apache.org/thread.html/rcd37d9214b08067a2e8f2b5b4fd123a1f8cb6008698d11ef44028c21%40%3Cissues.karaf.apache.org%3E

lists.apache.org/thread.html/rdcbad6d8ce72c79827ed8c635f9a62dd919bb21c94a0b64cab2efc31%40%3Cissues.karaf.apache.org%3E

lists.apache.org/thread.html/rddd2237b8636a48d573869006ee809262525efb2b6ffa6eff50d2a2d%40%3Cjira.kafka.apache.org%3E

lists.apache.org/thread.html/rdfd2901b8b697a3f6e2c9c6ecc688fd90d7f881937affb5144d61d6e%40%3Ccommits.druid.apache.org%3E

lists.apache.org/thread.html/rf9abfc0223747a56694825c050cc6b66627a293a32ea926b3de22402%40%3Cissues.karaf.apache.org%3E

lists.apache.org/thread.html/rfc0db1f3c375087e69a239f9284ded72d04fbb55849eadde58fa9dc2%40%3Cissues.karaf.apache.org%3E

www.bouncycastle.org/releasenotes.html

www.oracle.com//security-alerts/cpujul2021.html

www.oracle.com/security-alerts/cpuApr2021.html

www.oracle.com/security-alerts/cpuapr2022.html

www.oracle.com/security-alerts/cpujan2022.html

www.oracle.com/security-alerts/cpujul2022.html

www.oracle.com/security-alerts/cpuoct2021.html

www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle/

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

77.6%

JSON

Related for NVD:CVE-2020-28052

freebsd1 github1 osv1 debiancve1 cvelist1 cve1 redhatcve1 ubuntucve1 prion1 nessus9 githubexploit2 veracode1 ibm3 redhat11 oracle8