7.4
CVE-2020-8203
- EPSS 2.44%
- Published 15.07.2020 17:15:11
- Last modified 21.11.2024 05:38:29
- Source support@hackerone.com
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
Data is provided by the National Vulnerability Database (NVD)
Oracle ≫ Banking Corporate Lending Process Management Version 14.2.0
Oracle ≫ Banking Corporate Lending Process Management Version 14.3.0
Oracle ≫ Banking Corporate Lending Process Management Version 14.5.0
Oracle ≫ Banking Credit Facilities Process Management Version 14.2.0
Oracle ≫ Banking Credit Facilities Process Management Version 14.3.0
Oracle ≫ Banking Credit Facilities Process Management Version 14.5.0
Oracle ≫ Banking Extensibility Workbench Version 14.2.0
Oracle ≫ Banking Extensibility Workbench Version 14.3.0
Oracle ≫ Banking Extensibility Workbench Version 14.5.0
Oracle ≫ Banking Liquidity Management Version 14.2.0
Oracle ≫ Banking Liquidity Management Version 14.3.0
Oracle ≫ Banking Liquidity Management Version 14.5.0
Oracle ≫ Banking Supply Chain Finance Version 14.2.0
Oracle ≫ Banking Supply Chain Finance Version 14.3.0
Oracle ≫ Banking Supply Chain Finance Version 14.5.0
Oracle ≫ Banking Trade Finance Process Management Version 14.2.0
Oracle ≫ Banking Trade Finance Process Management Version 14.3.0
Oracle ≫ Banking Trade Finance Process Management Version 14.5.0
Oracle ≫ Banking Virtual Account Management Version 14.2.0
Oracle ≫ Banking Virtual Account Management Version 14.3.0
Oracle ≫ Banking Virtual Account Management Version 14.5.0
Oracle ≫ Blockchain Platform Version < 21.1.2
Oracle ≫ Communications Billing And Revenue Management Version 7.5.0.23.0
Oracle ≫ Communications Billing And Revenue Management Version 12.0.0.3.0
Oracle ≫ Communications Cloud Native Core Policy Version 1.11.0
Oracle ≫ Communications Session Border Controller Version 8.4
Oracle ≫ Communications Session Border Controller Version 9.0
Oracle ≫ Communications Session Border Controller Version cz8.4
Oracle ≫ Communications Session Router Version cz8.4
Oracle ≫ Communications Subscriber-aware Load Balancer Version cz8.3
Oracle ≫ Communications Subscriber-aware Load Balancer Version cz8.4
Oracle ≫ Enterprise Communications Broker Version 3.2.0
Oracle ≫ Enterprise Communications Broker Version 3.3.0
Oracle ≫ Enterprise Communications Broker Version pcz3.3
Oracle ≫ Jd Edwards Enterpriseone Tools Version <= 9.2.6.0
Oracle ≫ Peoplesoft Enterprise Peopletools Version 8.58
Oracle ≫ Peoplesoft Enterprise Peopletools Version 8.59
Oracle ≫ Primavera Gateway Version >= 17.12.0 <= 17.12.11
Oracle ≫ Primavera Gateway Version >= 18.8.0 <= 18.8.12
Oracle ≫ Primavera Gateway Version >= 19.12.0 <= 19.12.11
Oracle ≫ Primavera Gateway Version >= 20.12.0 <= 20.12.7
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 2.44% | 0.846 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 7.4 | 2.2 | 5.2 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H |
nvd@nist.gov | 5.8 | 8.6 | 4.9 | AV:N/AC:M/Au:N/C:N/I:P/A:P |
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.
CWE-770 Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.