CVE-2020-5360

Published: Dic 16, 2020 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2020-26542 Aliases: GSD-2020-5360
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high
MEDIUM 5,0
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: none
Integrity: none
Availability: partial

Description

AI Translation Available

Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to a Buffer Under-Read Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability resulting in undefined behaviour, or a crash of the affected systems.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0180
Percentile
0,8th
Updated

EPSS Score Trend (Last 90 Days)

125

Out-of-bounds Read

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Availability Other
Potential Impacts:
Read Memory Bypass Protection Mechanism Dos: Crash, Exit, Or Restart Varies By Context
Applicable Platforms
Languages: C, C++, Memory-Unsafe
Technologies: ICS/OT
View CWE Details
127

Buffer Under-read

Draft
Abstraction: Variant Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality
Potential Impacts:
Read Memory Bypass Protection Mechanism
Applicable Platforms
Languages: C, C++, Memory-Unsafe
View CWE Details
Application

Security Service by Oracle

Product Information
Vendor Oracle
Product Security Service
Version 11.1.1.9.0
cpe:2.3:a:oracle:security_service:11.1.1.9.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Weblogic Server Proxy Plug-In by Oracle

Product Information
Vendor Oracle
Product Weblogic Server Proxy Plug-In
Version 11.1.1.9.0
cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:11.1.1.9.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Database by Oracle

Product Information
Vendor Oracle
Product Database
Version 18c
cpe:2.3:a:oracle:database:18c:*:*:*:enterprise:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Database by Oracle

Product Information
Vendor Oracle
Product Database
Version 12.2.0.1
cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:enterprise:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Weblogic Server Proxy Plug-In by Oracle

Product Information
Vendor Oracle
Product Weblogic Server Proxy Plug-In
Version 12.2.1.4.0
cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Bsafe Micro-Edition-Suite by Dell

Product Information
Vendor Dell
Product Bsafe Micro-Edition-Suite
Version Range Affected
To 4.5 (exclusive)
cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Database by Oracle

Product Information
Vendor Oracle
Product Database
Version 12.1.0.2
cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Http Server by Oracle

Product Information
Vendor Oracle
Product Http Server
Version 12.2.1.4.0
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Database by Oracle

Product Information
Vendor Oracle
Product Database
Version 19c
cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Security Service by Oracle

Product Information
Vendor Oracle
Product Security Service
Version 12.2.1.4.0
cpe:2.3:a:oracle:security_service:12.2.1.4.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Security Service by Oracle

Product Information
Vendor Oracle
Product Security Service
Version 12.1.3.0
cpe:2.3:a:oracle:security_service:12.1.3.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Http Server by Oracle

Product Information
Vendor Oracle
Product Http Server
Version 12.1.3.0
cpe:2.3:a:oracle:http_server:12.1.3.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Weblogic Server Proxy Plug-In by Oracle

Product Information
Vendor Oracle
Product Weblogic Server Proxy Plug-In
Version 12.1.3.0
cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.1.3.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Http Server by Oracle

Product Information
Vendor Oracle
Product Http Server
Version 11.1.1.9.0
cpe:2.3:a:oracle:http_server:11.1.1.9.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://www.dell.com/support/kbdoc/en-us/000181098/dsa-2020…
Vendor Advisory
https://www.dell.com/support/kbdoc/en-us/000181098/dsa-2020-114-dell-bsafe-micr…
https://www.oracle.com/security-alerts/cpuApr2021.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.dell.com/support/kbdoc/en-us/000181098/dsa-2020…
Vendor Advisory
https://www.dell.com/support/kbdoc/en-us/000181098/dsa-2020-114-dell-bsafe-micr…
https://www.oracle.com/security-alerts/cpuApr2021.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html