CVE-2020-14341

EPSS 0.3%
Published 12.01.2021 15:15:13
Last modified 21.11.2024 05:03:02
Source secalert@redhat.com
Teams watchlist Login
Open Login

The "Test Connection" available in v7.x of the Red Hat Single Sign On application console can permit an authorized user to cause SMTP connections to be attempted to arbitrary hosts and ports of the user's choosing, and originating from the RHSSO installation. By observing differences in the timings of these scans, an attacker may glean information about hosts and ports which they do not have access to scan directly.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Single Sign-on Version >= 7.0 <= 7.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.3%	0.501

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	2.7	1.2	1.4	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N

CWE-385 Covert Timing Channel

Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information.

https://bugzilla.redhat.com/show_bug.cgi?id=1860138

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2020-14341

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-14341

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-14341

EUVD