Lucene search

K
ubuntucveUbuntu.comUB:CVE-2020-15098
HistoryJul 29, 2020 - 12:00 a.m.

CVE-2020-15098

2020-07-2900:00:00
ubuntu.com
ubuntu.com
13

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

70.7%

In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and
greater than or equal to 10.0.0 and less than 10.4.6, it has been
discovered that an internal verification mechanism can be used to generate
arbitrary checksums. This allows to inject arbitrary data having a valid
cryptographic message authentication code (HMAC-SHA1) and can lead to
various attack chains including potential privilege escalation, insecure
deserialization & remote code execution. The overall severity of this
vulnerability is high based on mentioned attack chains and the requirement
of having a valid backend user session (authenticated). This has been
patched in versions 9.5.20 and 10.4.6.

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

70.7%