CVE-2020-10097

{"id": "CVE-2020-10097", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2020-03-05T01:15:11.083", "references": [{"url": "https://zammad.com/news/security-advisory-zaa-2020-10", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://zammad.com/news/security-advisory-zaa-2020-10", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-209"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Zammad 3.0 through 3.2. It may respond with verbose error messages that disclose internal application or infrastructure information. This information could aid attackers in successfully exploiting other vulnerabilities."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Zammad versiones 3.0 hasta 3.2. Puede responder con mensajes de error detallados que revelan informaci\u00f3n interna de la aplicaci\u00f3n o la infraestructura. Esta informaci\u00f3n podr\u00eda ayudar a atacantes en la explotaci\u00f3n con \u00e9xito de otras vulnerabilidades."}], "lastModified": "2024-11-21T04:54:48.277", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zammad:zammad:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3AD23B79-5882-4221-8D16-D332A1441814", "versionEndIncluding": "3.2.0", "versionStartIncluding": "1.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}