CVE-2020-1971

Published: Dic 08, 2020 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2020-12761 Aliases: GSD-2020-1971
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 5,9
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high
MEDIUM 4,3
Source: [email protected]
Access Vector: network
Access Complexity: medium
Authentication: none
Confidentiality: none
Integrity: none
Availability: partial

Description

AI Translation Available

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the '-crl_download' option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0035
Percentile
0,6th
Updated

EPSS Score Trend (Last 91 Days)

476

NULL Pointer Dereference

Stable
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Availability Integrity Confidentiality
Potential Impacts:
Dos: Crash, Exit, Or Restart Execute Unauthorized Code Or Commands Read Memory Modify Memory
Applicable Platforms
Languages: C, C#, C++, Go, Java
Likelihood of Exploit: Medium
View CWE Details
Hardware

Hci Storage Node by Netapp

Product Information
Vendor Netapp
Product Hci Storage Node
Version -
cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Debian Linux by Debian

Product Information
Vendor Debian
Product Debian Linux
Version 10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Jd Edwards World Security by Oracle

Product Information
Vendor Oracle
Product Jd Edwards World Security
Version a9.4
cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Aff A250 Firmware by Netapp

Product Information
Vendor Netapp
Product Aff A250 Firmware
Version -
cpe:2.3:o:netapp:aff_a250_firmware:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Mysql by Oracle

Product Information
Vendor Oracle
Product Mysql
Version Range Affected
To 8.0.22 (inclusive)
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Node.Js by Nodejs

Product Information
Vendor Nodejs
Product Node.Js
Version Range Affected
From 15.0.0 (inclusive)
To 15.5.0 (exclusive)
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Communications Session Border Controller by Oracle

Product Information
Vendor Oracle
Product Communications Session Border Controller
Version cz8.3
cpe:2.3:a:oracle:communications_session_border_controller:cz8.3:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Node.Js by Nodejs

Product Information
Vendor Nodejs
Product Node.Js
Version Range Affected
From 10.0.0 (inclusive)
To 10.12.0 (inclusive)
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Enterprise Communications Broker by Oracle

Product Information
Vendor Oracle
Product Enterprise Communications Broker
Version pcz3.2
cpe:2.3:a:oracle:enterprise_communications_broker:pcz3.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Node.Js by Nodejs

Product Information
Vendor Nodejs
Product Node.Js
Version Range Affected
From 14.15.0 (inclusive)
To 14.15.4 (exclusive)
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Node.Js by Nodejs

Product Information
Vendor Nodejs
Product Node.Js
Version Range Affected
From 10.13.0 (inclusive)
To 10.23.1 (exclusive)
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Santricity Smi-S Provider by Netapp

Product Information
Vendor Netapp
Product Santricity Smi-S Provider
Version -
cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Fedora by Fedoraproject

Product Information
Vendor Fedoraproject
Product Fedora
Version 32
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Essbase by Oracle

Product Information
Vendor Oracle
Product Essbase
Version 21.2
cpe:2.3:a:oracle:essbase:21.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Active Iq Unified Manager by Netapp

Product Information
Vendor Netapp
Product Active Iq Unified Manager
Version -
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Node.Js by Nodejs

Product Information
Vendor Nodejs
Product Node.Js
Version Range Affected
From 14.0.0 (inclusive)
To 14.14.0 (inclusive)
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Communications Session Border Controller by Oracle

Product Information
Vendor Oracle
Product Communications Session Border Controller
Version cz8.2
cpe:2.3:a:oracle:communications_session_border_controller:cz8.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Log Correlation Engine by Tenable

Product Information
Vendor Tenable
Product Log Correlation Engine
Version Range Affected
To 6.0.9 (exclusive)
cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Enterprise Communications Broker by Oracle

Product Information
Vendor Oracle
Product Enterprise Communications Broker
Version pcz3.3
cpe:2.3:a:oracle:enterprise_communications_broker:pcz3.3:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Jd Edwards Enterpriseone Tools by Oracle

Product Information
Vendor Oracle
Product Jd Edwards Enterpriseone Tools
Version Range Affected
To 9.2.5.3 (exclusive)
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Openssl by Openssl

Product Information
Vendor Openssl
Product Openssl
Version Range Affected
From 1.0.2 (inclusive)
To 1.0.2x (exclusive)
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ef600A Firmware by Netapp

Product Information
Vendor Netapp
Product Ef600A Firmware
Version -
cpe:2.3:o:netapp:ef600a_firmware:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Node.Js by Nodejs

Product Information
Vendor Nodejs
Product Node.Js
Version Range Affected
From 12.0.0 (inclusive)
To 12.12.0 (inclusive)
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Oncommand Workflow Automation by Netapp

Product Information
Vendor Netapp
Product Oncommand Workflow Automation
Version -
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Node.Js by Nodejs

Product Information
Vendor Nodejs
Product Node.Js
Version Range Affected
From 12.13.0 (inclusive)
To 12.20.1 (exclusive)
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Communications Session Router by Oracle

Product Information
Vendor Oracle
Product Communications Session Router
Version cz8.2
cpe:2.3:a:oracle:communications_session_router:cz8.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Communications Session Router by Oracle

Product Information
Vendor Oracle
Product Communications Session Router
Version cz8.3
cpe:2.3:a:oracle:communications_session_router:cz8.3:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Communications Subscriber-Aware Load Balancer by Oracle

Product Information
Vendor Oracle
Product Communications Subscriber-Aware Load Balancer
Version cz8.3
cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:cz8.3:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Enterprise Manager For Storage Management by Oracle

Product Information
Vendor Oracle
Product Enterprise Manager For Storage Management
Version 13.4.0.0
cpe:2.3:a:oracle:enterprise_manager_for_storage_management:13.4.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Clustered Data Ontap Antivirus Connector by Netapp

Product Information
Vendor Netapp
Product Clustered Data Ontap Antivirus Connector
Version -
cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Communications Session Border Controller by Oracle

Product Information
Vendor Oracle
Product Communications Session Border Controller
Version cz8.4
cpe:2.3:a:oracle:communications_session_border_controller:cz8.4:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Communications Subscriber-Aware Load Balancer by Oracle

Product Information
Vendor Oracle
Product Communications Subscriber-Aware Load Balancer
Version cz8.2
cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:cz8.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Data Ontap by Netapp

Product Information
Vendor Netapp
Product Data Ontap
Version -
cpe:2.3:a:netapp:data_ontap:-:*:*:*:*:7-mode:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Enterprise Manager Base Platform by Oracle

Product Information
Vendor Oracle
Product Enterprise Manager Base Platform
Version 13.3.0.0
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Business Intelligence by Oracle

Product Information
Vendor Oracle
Product Business Intelligence
Version 12.2.1.3.0
cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Peoplesoft Enterprise Peopletools by Oracle

Product Information
Vendor Oracle
Product Peoplesoft Enterprise Peopletools
Version 8.57
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Business Intelligence by Oracle

Product Information
Vendor Oracle
Product Business Intelligence
Version 12.2.1.4.0
cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Enterprise Communications Broker by Oracle

Product Information
Vendor Oracle
Product Enterprise Communications Broker
Version pcz3.1
cpe:2.3:a:oracle:enterprise_communications_broker:pcz3.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Graalvm by Oracle

Product Information
Vendor Oracle
Product Graalvm
Version 19.3.4
cpe:2.3:a:oracle:graalvm:19.3.4:*:*:*:enterprise:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Communications Unified Session Manager by Oracle

Product Information
Vendor Oracle
Product Communications Unified Session Manager
Version scz8.2.5
cpe:2.3:a:oracle:communications_unified_session_manager:scz8.2.5:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Hci Management Node by Netapp

Product Information
Vendor Netapp
Product Hci Management Node
Version -
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Communications Diameter Intelligence Hub by Oracle

Product Information
Vendor Oracle
Product Communications Diameter Intelligence Hub
Version Range Affected
From 8.2.0 (inclusive)
To 8.2.3 (inclusive)
cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Api Gateway by Oracle

Product Information
Vendor Oracle
Product Api Gateway
Version 11.1.2.4.0
cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Solidfire by Netapp

Product Information
Vendor Netapp
Product Solidfire
Version -
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Nessus Network Monitor by Tenable

Product Information
Vendor Tenable
Product Nessus Network Monitor
Version Range Affected
To 5.13.1 (exclusive)
cpe:2.3:a:tenable:nessus_network_monitor:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Http Server by Oracle

Product Information
Vendor Oracle
Product Http Server
Version 12.2.1.4.0
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Hardware

Hci Compute Node by Netapp

Product Information
Vendor Netapp
Product Hci Compute Node
Version -
cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Enterprise Manager Ops Center by Oracle

Product Information
Vendor Oracle
Product Enterprise Manager Ops Center
Version 12.4.0.0
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Sinec Infrastructure Network Services by Siemens

Product Information
Vendor Siemens
Product Sinec Infrastructure Network Services
Version Range Affected
To 1.0.1.1 (exclusive)
cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Enterprise Session Border Controller by Oracle

Product Information
Vendor Oracle
Product Enterprise Session Border Controller
Version cz8.3
cpe:2.3:a:oracle:enterprise_session_border_controller:cz8.3:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Mysql Server by Oracle

Product Information
Vendor Oracle
Product Mysql Server
Version Range Affected
To 5.7.32 (inclusive)
cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Active Iq Unified Manager by Netapp

Product Information
Vendor Netapp
Product Active Iq Unified Manager
Version -
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Communications Diameter Intelligence Hub by Oracle

Product Information
Vendor Oracle
Product Communications Diameter Intelligence Hub
Version Range Affected
From 8.0.0 (inclusive)
To 8.1.0 (inclusive)
cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Business Intelligence by Oracle

Product Information
Vendor Oracle
Product Business Intelligence
Version 5.9.0.0.0
cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Mysql Server by Oracle

Product Information
Vendor Oracle
Product Mysql Server
Version Range Affected
From 8.0.15 (inclusive)
To 8.0.22 (inclusive)
cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Communications Subscriber-Aware Load Balancer by Oracle

Product Information
Vendor Oracle
Product Communications Subscriber-Aware Load Balancer
Version cz8.4
cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:cz8.4:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Graalvm by Oracle

Product Information
Vendor Oracle
Product Graalvm
Version 20.3.0
cpe:2.3:a:oracle:graalvm:20.3.0:*:*:*:enterprise:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

E-Series Santricity Os Controller by Netapp

Product Information
Vendor Netapp
Product E-Series Santricity Os Controller
Version Range Affected
From 11.0.0 (inclusive)
To 11.60.3 (inclusive)
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Snapcenter by Netapp

Product Information
Vendor Netapp
Product Snapcenter
Version -
cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Openssl by Openssl

Product Information
Vendor Openssl
Product Openssl
Version Range Affected
From 1.1.1 (inclusive)
To 1.1.1i (exclusive)
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Communications Cloud Native Core Network Function Cloud Native Environment by Oracle

Product Information
Vendor Oracle
Product Communications Cloud Native Core Network Function Cloud Native Environment
Version 1.10.0
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Peoplesoft Enterprise Peopletools by Oracle

Product Information
Vendor Oracle
Product Peoplesoft Enterprise Peopletools
Version 8.56
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Enterprise Manager Base Platform by Oracle

Product Information
Vendor Oracle
Product Enterprise Manager Base Platform
Version 13.4.0.0
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Manageability Software Development Kit by Netapp

Product Information
Vendor Netapp
Product Manageability Software Development Kit
Version -
cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Business Intelligence by Oracle

Product Information
Vendor Oracle
Product Business Intelligence
Version 5.5.0.0.0
cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Peoplesoft Enterprise Peopletools by Oracle

Product Information
Vendor Oracle
Product Peoplesoft Enterprise Peopletools
Version 8.58
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Debian Linux by Debian

Product Information
Vendor Debian
Product Debian Linux
Version 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Fedora by Fedoraproject

Product Information
Vendor Fedoraproject
Product Fedora
Version 33
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Enterprise Session Border Controller by Oracle

Product Information
Vendor Oracle
Product Enterprise Session Border Controller
Version cz8.2
cpe:2.3:a:oracle:enterprise_session_border_controller:cz8.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Communications Session Router by Oracle

Product Information
Vendor Oracle
Product Communications Session Router
Version cz8.4
cpe:2.3:a:oracle:communications_session_router:cz8.4:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Oncommand Insight by Netapp

Product Information
Vendor Netapp
Product Oncommand Insight
Version -
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Enterprise Session Border Controller by Oracle

Product Information
Vendor Oracle
Product Enterprise Session Border Controller
Version cz8.4
cpe:2.3:a:oracle:enterprise_session_border_controller:cz8.4:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Plug-In For Symantec Netbackup by Netapp

Product Information
Vendor Netapp
Product Plug-In For Symantec Netbackup
Version -
cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.…
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdif…
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2154ab83e14ede…
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdif…
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=f960d81215ebf3…
https://kb.pulsesecure.net/articles/Pulse_Security_Advisori…
Third Party Advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44676
https://lists.apache.org/thread.html/r63c6f2dd363d9b514d0a4…
https://lists.apache.org/thread.html/r63c6f2dd363d9b514d0a4bcf624580616a679898c…
https://lists.apache.org/thread.html/rbb769f771711fb274e0a4…
https://lists.apache.org/thread.html/rbb769f771711fb274e0a4acb1b5911c8aab544a6a…
https://lists.debian.org/debian-lts-announce/2020/12/msg000…
Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/12/msg00020.html
https://lists.debian.org/debian-lts-announce/2020/12/msg000…
Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/12/msg00021.html
https://lists.fedoraproject.org/archives/list/package-annou…
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapr…
https://lists.fedoraproject.org/archives/list/package-annou…
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapr…
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:33.op…
Third Party Advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:33.openssl.asc
https://security.gentoo.org/glsa/202012-13
Third Party Advisory
https://security.gentoo.org/glsa/202012-13
https://security.netapp.com/advisory/ntap-20201218-0005/
Third Party Advisory
https://security.netapp.com/advisory/ntap-20201218-0005/
https://security.netapp.com/advisory/ntap-20210513-0002/
Third Party Advisory
https://security.netapp.com/advisory/ntap-20210513-0002/
https://security.netapp.com/advisory/ntap-20240621-0006/
https://security.netapp.com/advisory/ntap-20240621-0006/
https://www.debian.org/security/2020/dsa-4807
Third Party Advisory
https://www.debian.org/security/2020/dsa-4807
https://www.openssl.org/news/secadv/20201208.txt
Vendor Advisory
https://www.openssl.org/news/secadv/20201208.txt
https://www.oracle.com/security-alerts/cpuApr2021.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2021.html
Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com//security-alerts/cpujul2021.html
Patch Third Party Advisory
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.tenable.com/security/tns-2020-11
Third Party Advisory
https://www.tenable.com/security/tns-2020-11
https://www.tenable.com/security/tns-2021-09
Third Party Advisory
https://www.tenable.com/security/tns-2021-09
https://www.tenable.com/security/tns-2021-10
Third Party Advisory
https://www.tenable.com/security/tns-2021-10
http://www.openwall.com/lists/oss-security/2021/09/14/2
Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/09/14/2
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.…
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdif…
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2154ab83e14ede…
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdif…
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=f960d81215ebf3…
https://kb.pulsesecure.net/articles/Pulse_Security_Advisori…
Third Party Advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44676
https://lists.apache.org/thread.html/r63c6f2dd363d9b514d0a4…
https://lists.apache.org/thread.html/r63c6f2dd363d9b514d0a4bcf624580616a679898c…
https://lists.apache.org/thread.html/rbb769f771711fb274e0a4…
https://lists.apache.org/thread.html/rbb769f771711fb274e0a4acb1b5911c8aab544a6a…
https://lists.debian.org/debian-lts-announce/2020/12/msg000…
Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/12/msg00020.html
https://lists.debian.org/debian-lts-announce/2020/12/msg000…
Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/12/msg00021.html
https://lists.fedoraproject.org/archives/list/package-annou…
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapr…
https://lists.fedoraproject.org/archives/list/package-annou…
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapr…
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:33.op…
Third Party Advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:33.openssl.asc
https://security.gentoo.org/glsa/202012-13
Third Party Advisory
https://security.gentoo.org/glsa/202012-13
https://security.netapp.com/advisory/ntap-20201218-0005/
Third Party Advisory
https://security.netapp.com/advisory/ntap-20201218-0005/
https://security.netapp.com/advisory/ntap-20210513-0002/
Third Party Advisory
https://security.netapp.com/advisory/ntap-20210513-0002/
https://security.netapp.com/advisory/ntap-20240621-0006/
https://security.netapp.com/advisory/ntap-20240621-0006/
https://www.debian.org/security/2020/dsa-4807
Third Party Advisory
https://www.debian.org/security/2020/dsa-4807
https://www.openssl.org/news/secadv/20201208.txt
Vendor Advisory
https://www.openssl.org/news/secadv/20201208.txt
https://www.oracle.com/security-alerts/cpuApr2021.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2021.html
Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com//security-alerts/cpujul2021.html
Patch Third Party Advisory
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.tenable.com/security/tns-2020-11
Third Party Advisory
https://www.tenable.com/security/tns-2020-11
https://www.tenable.com/security/tns-2021-09
Third Party Advisory
https://www.tenable.com/security/tns-2021-09
https://www.tenable.com/security/tns-2021-10
Third Party Advisory
https://www.tenable.com/security/tns-2021-10
http://www.openwall.com/lists/oss-security/2021/09/14/2
Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/09/14/2