CVE-2020-28052
HIGH
8.1
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
MEDIUM
6.8
Source: [email protected]
Access Vector: network
Access Complexity: medium
Authentication: none
Confidentiality: partial
Integrity: partial
Availability: partial
Description
An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.
EPSS (Exploit Prediction Scoring System)
Predicts the probability of exploitation based on threat intelligence and the characteristics of the vulnerability.
EPSS Score: 0.0306
Percentile: 0.9th
Application
Banking Credit Facilities Process Management by Oracle
CPE Identifier
cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Banking Corporate Lending Process Management by Oracle
CPE Identifier
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2.0:*:*:*:*:*:*:*
Application
Jd Edwards Enterpriseone Tools by Oracle
Version Range Affected: to 9.2.5.3 (inclusive)
CPE Identifier
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*
Application
Banking Virtual Account Management by Oracle
CPE Identifier
cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*
Application
Banking Supply Chain Finance by Oracle
CPE Identifier
cpe:2.3:a:oracle:banking_supply_chain_finance:14.5.0:*:*:*:*:*:*:*
Application
Bc-Java by Bouncycastle
CPE Identifier
cpe:2.3:a:bouncycastle:bc-java:1.66:*:*:*:*:*:*:*
Application
Commerce Guided Search by Oracle
CPE Identifier
cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*
Application
Banking Supply Chain Finance by Oracle
CPE Identifier
cpe:2.3:a:oracle:banking_supply_chain_finance:14.3.0:*:*:*:*:*:*:*
Application
Karaf by Apache
CPE Identifier
cpe:2.3:a:apache:karaf:4.3.2:*:*:*:*:*:*:*
Application
Utilities Framework by Oracle
CPE Identifier
cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*
Application
Communications Application Session Controller by Oracle
CPE Identifier
cpe:2.3:a:oracle:communications_application_session_controller:3.9m0p3:*:*:*:*:*:*:*
Application
Banking Credit Facilities Process Management by Oracle
CPE Identifier
cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3.0:*:*:*:*:*:*:*
Application
Webcenter Portal by Oracle
CPE Identifier
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
Application
Banking Supply Chain Finance by Oracle
CPE Identifier
cpe:2.3:a:oracle:banking_supply_chain_finance:14.2.0:*:*:*:*:*:*:*
Operating System
Communications Messaging Server by Oracle
CPE Identifier
cpe:2.3:o:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*
Application
Utilities Framework by Oracle
CPE Identifier
cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*
Application
Communications Convergence by Oracle
CPE Identifier
cpe:2.3:a:oracle:communications_convergence:3.0.2.2.0:*:*:*:*:*:*:*
Application
Peoplesoft Enterprise Peopletools by Oracle
CPE Identifier
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
Application
Utilities Framework by Oracle
CPE Identifier
cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*
Application
Banking Extensibility Workbench by Oracle
CPE Identifier
cpe:2.3:a:oracle:banking_extensibility_workbench:14.5.0:*:*:*:*:*:*:*
Application
Banking Credit Facilities Process Management by Oracle
CPE Identifier
cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2.0:*:*:*:*:*:*:*
Application
Banking Extensibility Workbench by Oracle
CPE Identifier
cpe:2.3:a:oracle:banking_extensibility_workbench:14.2.0:*:*:*:*:*:*:*
Application
Utilities Framework by Oracle
CPE Identifier
cpe:2.3:a:oracle:utilities_framework:4.3.0.6.0:*:*:*:*:*:*:*
Application
Communications Session Report Manager by Oracle
Version Range Affected: from 8.0.0 (inclusive) to 8.2.4.0 (inclusive)
CPE Identifier
cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
Application
Communications Cloud Native Core Network Slice Selection Function by Oracle
CPE Identifier
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.2.1:*:*:*:*:*:*:*
Application
Banking Corporate Lending Process Management by Oracle
CPE Identifier
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0:*:*:*:*:*:*:*
Application
Communications Session Route Manager by Oracle
Version Range Affected: from 8.2.0 (inclusive) to 8.2.4 (inclusive)
CPE Identifier
cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*
Application
Peoplesoft Enterprise Peopletools by Oracle
CPE Identifier
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
Application
Blockchain Platform by Oracle
Version Range Affected: to 21.1.2 (exclusive)
CPE Identifier
cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*
Application
Banking Virtual Account Management by Oracle
CPE Identifier
cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*
Application
Webcenter Portal by Oracle
CPE Identifier
cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
Application
Webcenter Portal by Oracle
CPE Identifier
cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0:*:*:*:*:*:*:*
Application
Communications Pricing Design Center by Oracle
CPE Identifier
cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*
Application
Banking Virtual Account Management by Oracle
CPE Identifier
cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*
Application
Peoplesoft Enterprise Peopletools by Oracle
CPE Identifier
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
Operating System
Communications Messaging Server by Oracle
CPE Identifier
cpe:2.3:o:oracle:communications_messaging_server:8.0.2:*:*:*:*:*:*:*
Application
Banking Extensibility Workbench by Oracle
CPE Identifier
cpe:2.3:a:oracle:banking_extensibility_workbench:14.3.0:*:*:*:*:*:*:*
Application
Bc-Java by Bouncycastle
CPE Identifier
cpe:2.3:a:bouncycastle:bc-java:1.65:*:*:*:*:*:*:*
Application
Banking Corporate Lending Process Management by Oracle
CPE Identifier
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3.0:*:*:*:*:*:*:*
https://github.com/bcgit/bc-java/wiki/CVE-2020-28052
https://lists.apache.org/thread.html/r167dbc42ef7c59802c2ca1ac14735ef9cf687c252…
https://lists.apache.org/thread.html/r175f5a25d100dbe2b1bd3459b3ce882a84c3ff91b…
https://lists.apache.org/thread.html/r25d53acd06f29244b8a103781b0339c5e7efee909…
https://lists.apache.org/thread.html/r2ddabd06d94b60cfb0141e4abb23201c628ab925e…
https://lists.apache.org/thread.html/r30a139c165b3da6e0d5536434ab1550534011b1fd…
https://lists.apache.org/thread.html/r37d332c0bf772f4982d1fdeeb2f88dd71dab64512…
https://lists.apache.org/thread.html/r4e1619cfefcd031fac62064a3858f5c9229eef907…
https://lists.apache.org/thread.html/r77af3ac7c3bfbd5454546e13faf7aec21d627bdcf…
https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315…
https://lists.apache.org/thread.html/r954d80fd18e9dafef6e813963eb7e08c228151c2b…
https://lists.apache.org/thread.html/rc9e441c1576bdc4375d32526d5cf457226928e9c8…
https://lists.apache.org/thread.html/rcd37d9214b08067a2e8f2b5b4fd123a1f8cb60086…
https://lists.apache.org/thread.html/rdcbad6d8ce72c79827ed8c635f9a62dd919bb21c9…
https://lists.apache.org/thread.html/rddd2237b8636a48d573869006ee809262525efb2b…
https://lists.apache.org/thread.html/rdfd2901b8b697a3f6e2c9c6ecc688fd90d7f88193…
https://lists.apache.org/thread.html/rf9abfc0223747a56694825c050cc6b66627a293a3…
https://lists.apache.org/thread.html/rfc0db1f3c375087e69a239f9284ded72d04fbb558…
https://www.bouncycastle.org/releasenotes.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle/