CVE-2020-5360

Published Dec 16, 2020

Last updated 3 years ago

CVSS high 7.5

Overview

Description: Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to a Buffer Under-Read Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability resulting in undefined behaviour, or a crash of the affected systems.
Source: security_alert@emc.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-125
security_alert@emc.com: CWE-127

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "838D4372-D93F-4BAD-90C2-E6E3BB18C2A9",
            "versionEndExcluding": "4.5"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "89FE33CE-5995-4C53-8331-B49156F852B3"
          },
          {
            "criteria": "cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46E7237C-00BD-4490-96C3-A8EAE4CE2C0B"
          },
          {
            "criteria": "cpe:2.3:a:oracle:database:18c:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20352616-6BCA-485D-8DD7-DFC97AD6A30D"
          },
          {
            "criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C1E05472-8F3A-4E46-90E5-50EA6D555FDC"
          },
          {
            "criteria": "cpe:2.3:a:oracle:http_server:11.1.1.9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EBD2676F-EE9D-4462-ABA5-C11CE726849C"
          },
          {
            "criteria": "cpe:2.3:a:oracle:http_server:12.1.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DD4552F9-F5B9-4A52-BA5C-D32D49FABD28"
          },
          {
            "criteria": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD04BEE5-E9A8-4584-A68C-0195CE9C402C"
          },
          {
            "criteria": "cpe:2.3:a:oracle:security_service:11.1.1.9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "008518E5-4814-46AA-B9E7-A3B2635D6D4B"
          },
          {
            "criteria": "cpe:2.3:a:oracle:security_service:12.1.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D47F41D7-8C75-47F3-8DF3-CC15378FBB71"
          },
          {
            "criteria": "cpe:2.3:a:oracle:security_service:12.2.1.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D345C2D3-6AA5-4573-8397-ED1EB0153DB9"
          },
          {
            "criteria": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:11.1.1.9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "068876EF-0594-4BE6-B9EC-04730837013E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.1.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF3EA2E7-D903-4AA3-B38C-1EE71DF52276"
          },
          {
            "criteria": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5E29C004-51D7-4BBE-B28A-EE6B7B10F89F"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References