Lucene search

[email protected]NVD:CVE-2020-5359

HistoryDec 16, 2020 - 4:15 p.m.

CVE-2020-5359

2020-12-1616:15:14

CWE-252

CWE-544

[email protected]

web.nvd.nist.gov

dell bsafe

unchecked return value

encryption

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

51.0%

JSON

Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to an Unchecked Return Value Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to modify and corrupt the encrypted data.

Affected configurations

Nvd

Node

dellbsafe_micro-edition-suiteRange<4.5

Node

oracledatabaseMatch12.1.0.2enterprise

oracledatabaseMatch12.2.0.1enterprise

oracledatabaseMatch18centerprise

oracledatabaseMatch19centerprise

oracleweblogic_server_proxy_plug-inMatch11.1.1.9.0

oracleweblogic_server_proxy_plug-inMatch12.2.1.3.0

oracleweblogic_server_proxy_plug-inMatch12.2.1.4.0

VendorProductVersionCPE
dellbsafe_micro-edition-suite*cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*
oracledatabase12.1.0.2cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*
oracledatabase12.2.0.1cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:enterprise:*:*:*
oracledatabase18ccpe:2.3:a:oracle:database:18c:*:*:*:enterprise:*:*:*
oracledatabase19ccpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*
oracleweblogic_server_proxy_plug-in11.1.1.9.0cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:11.1.1.9.0:*:*:*:*:*:*:*
oracleweblogic_server_proxy_plug-in12.2.1.3.0cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.3.0:*:*:*:*:*:*:*
oracleweblogic_server_proxy_plug-in12.2.1.4.0cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	bsafe_micro-edition-suite	*	cpe:2.3:a:dell:bsafe_micro-edition-suite::::::::
oracle	database	12.1.0.2	cpe:2.3:a:oracle:database:12.1.0.2::::enterprise:::
oracle	database	12.2.0.1	cpe:2.3:a:oracle:database:12.2.0.1::::enterprise:::
oracle	database	18c	cpe:2.3:a:oracle:database:18c::::enterprise:::
oracle	database	19c	cpe:2.3:a:oracle:database:19c::::enterprise:::
oracle	weblogic_server_proxy_plug-in	11.1.1.9.0	cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:11.1.1.9.0:::::::*
oracle	weblogic_server_proxy_plug-in	12.2.1.3.0	cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.3.0:::::::*
oracle	weblogic_server_proxy_plug-in	12.2.1.4.0	cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:::::::*

References

www.dell.com/support/kbdoc/en-us/000181098/dsa-2020-114-dell-bsafe-micro-edition-suite-multiple-security-vulnerabilities

www.oracle.com/security-alerts/cpuApr2021.html

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

51.0%

JSON

Related for NVD:CVE-2020-5359

prion1 cvelist1 cve1 nessus1 oracle1