Lucene search

[email protected]NVD:CVE-2020-8203

HistoryJul 15, 2020 - 5:15 p.m.

CVE-2020-8203

2020-07-1517:15:11

CWE-1321

CWE-770

[email protected]

web.nvd.nist.gov

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

0.017 Low

EPSS

Percentile

87.7%

JSON

Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.

Affected configurations

NVD

Node

lodashlodashRange<4.17.20node.js

Node

oraclebanking_corporate_lending_process_managementMatch14.2.0

oraclebanking_corporate_lending_process_managementMatch14.3.0

oraclebanking_corporate_lending_process_managementMatch14.5.0

oraclebanking_credit_facilities_process_managementMatch14.2.0

oraclebanking_credit_facilities_process_managementMatch14.3.0

oraclebanking_credit_facilities_process_managementMatch14.5.0

oraclebanking_extensibility_workbenchMatch14.2.0

oraclebanking_extensibility_workbenchMatch14.3.0

oraclebanking_extensibility_workbenchMatch14.5.0

oraclebanking_liquidity_managementMatch14.2.0

oraclebanking_liquidity_managementMatch14.3.0

oraclebanking_liquidity_managementMatch14.5.0

oraclebanking_supply_chain_financeMatch14.2.0

oraclebanking_supply_chain_financeMatch14.3.0

oraclebanking_supply_chain_financeMatch14.5.0

oraclebanking_trade_finance_process_managementMatch14.2.0

oraclebanking_trade_finance_process_managementMatch14.3.0

oraclebanking_trade_finance_process_managementMatch14.5.0

oraclebanking_virtual_account_managementMatch14.2.0

oraclebanking_virtual_account_managementMatch14.3.0

oraclebanking_virtual_account_managementMatch14.5.0

oracleblockchain_platformRange<21.1.2

oraclecommunications_billing_and_revenue_managementMatch7.5.0.23.0

oraclecommunications_billing_and_revenue_managementMatch12.0.0.3.0

oraclecommunications_cloud_native_core_policyMatch1.11.0

oraclecommunications_session_border_controllerMatch8.4

oraclecommunications_session_border_controllerMatch9.0

oraclecommunications_session_border_controllerMatchcz8.4

oraclecommunications_session_routerMatchcz8.4

oraclecommunications_subscriber-aware_load_balancerMatchcz8.3

oraclecommunications_subscriber-aware_load_balancerMatchcz8.4

oracleenterprise_communications_brokerMatch3.2.0

oracleenterprise_communications_brokerMatch3.3.0

oracleenterprise_communications_brokerMatchpcz3.3

oraclejd_edwards_enterpriseone_toolsRange≤9.2.6.0

oraclepeoplesoft_enterprise_peopletoolsMatch8.58

oraclepeoplesoft_enterprise_peopletoolsMatch8.59

oracleprimavera_gatewayRange17.12.0–17.12.11

oracleprimavera_gatewayRange18.8.0–18.8.12

oracleprimavera_gatewayRange19.12.0–19.12.11

oracleprimavera_gatewayRange20.12.0–20.12.7

References

github.com/lodash/lodash/issues/4874

hackerone.com/reports/712065

security.netapp.com/advisory/ntap-20200724-0006/

www.oracle.com//security-alerts/cpujul2021.html

www.oracle.com/security-alerts/cpuApr2021.html

www.oracle.com/security-alerts/cpuapr2022.html

www.oracle.com/security-alerts/cpujan2022.html

www.oracle.com/security-alerts/cpuoct2021.html

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

0.017 Low

EPSS

Percentile

87.7%

JSON

Related for NVD:CVE-2020-8203

ibm32 cvelist1 githubexploit1 osv2 prion1 redhatcve1 ubuntucve1 veracode1 debiancve1 github1 cve1 hackerone1 huntr1 nessus6 redhat7 redos1 checkpoint_advisories1 oracle5