CVE-2020-5359

Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to an Unchecked Return Value Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to modify and corrupt the encrypted data.

CVSS v3 5.8 MEDIUM
CVSS v2.0 5.0 MEDIUM

5.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000181098/dsa-2020-114-dell-bsafe-micro-edition-suite-multiple-security-vulnerabilities	Vendor Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html	Patch Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:oracle:database:12.1.0.2::::enterprise:::
	cpe:2.3:a:oracle:database:12.2.0.1::::enterprise:::
	cpe:2.3:a:oracle:database:18c::::enterprise:::
	cpe:2.3:a:oracle:database:19c::::enterprise:::
	cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:11.1.1.9.0:::::::*
	cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.3.0:::::::*
	cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:::::::*

History

No history.

Information

Published : 2020-12-16 16:15

Updated : 2024-02-28 18:08

NVD link : CVE-2020-5359

Mitre link : CVE-2020-5359

CVE.ORG link : CVE-2020-5359

JSON object : View

Products Affected

oracle

weblogic_server_proxy_plug-in
database

dell

bsafe_micro-edition-suite

CWE

CWE-252

Unchecked Return Value

CWE-544

Missing Standardized Error Handling Mechanism

{"id": "CVE-2020-5359", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2020-12-16T16:15:14.320", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000181098/dsa-2020-114-dell-bsafe-micro-edition-suite-multiple-security-vulnerabilities", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}, {"url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "tags": ["Patch", "Third Party Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-252"}]}, {"type": "Secondary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-544"}]}], "descriptions": [{"lang": "en", "value": "Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to an Unchecked Return Value Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to modify and corrupt the encrypted data."}, {"lang": "es", "value": "Dell BSAFE Micro Edition Suite, versiones anteriores a 4.5, son susceptibles a una Vulnerabilidad de Valor de Retorno No Comprobado. Un atacante remoto no autenticado podr\u00eda potencialmente explotar esta vulnerabilidad para modificar y corromper los datos cifrados"}], "lastModified": "2021-12-09T18:21:28.610", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "838D4372-D93F-4BAD-90C2-E6E3BB18C2A9", "versionEndExcluding": "4.5"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "89FE33CE-5995-4C53-8331-B49156F852B3"}, {"criteria": "cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "46E7237C-00BD-4490-96C3-A8EAE4CE2C0B"}, {"criteria": "cpe:2.3:a:oracle:database:18c:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "20352616-6BCA-485D-8DD7-DFC97AD6A30D"}, {"criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "C1E05472-8F3A-4E46-90E5-50EA6D555FDC"}, {"criteria": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:11.1.1.9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "068876EF-0594-4BE6-B9EC-04730837013E"}, {"criteria": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A4AE8A2-62D9-4C08-A608-A057895E4E46"}, {"criteria": "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E29C004-51D7-4BBE-B28A-EE6B7B10F89F"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}