9.8
CVE-2020-29508
- EPSS 0.24%
- Published 11.07.2022 20:15:08
- Last modified 21.11.2024 05:24:08
- Source security_alert@emc.com
- Teams watchlist Login
- Open Login
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Improper Input Validation Vulnerability.
Data is provided by the National Vulnerability Database (NVD)
Dell ≫ Bsafe Crypto-c-micro-edition Version < 4.1.5
Dell ≫ Bsafe Micro-edition-suite Version < 4.6
Oracle ≫ HTTP Server Version12.2.1.3.0
Oracle ≫ HTTP Server Version12.2.1.4.0
Oracle ≫ Security Service Version12.2.1.3.0
Oracle ≫ Security Service Version12.2.1.4.0
Oracle ≫ Weblogic Server Proxy Plug-in Version12.2.1.3.0
Oracle ≫ Weblogic Server Proxy Plug-in Version12.2.1.4.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.24% | 0.462 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| security_alert@emc.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-331 Insufficient Entropy
The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.