CVE-2020-5359

Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to an Unchecked Return Value Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to modify and corrupt the encrypted data.

CVSS v3 5.8 MEDIUM
CVSS v2.0 5.0 MEDIUM

5.8^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000181098/dsa-2020-114-dell-bsafe-micro-edition-suite-multiple-security-vulnerabilities	Vendor Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html	Patch Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:oracle:database:12.1.0.2::::enterprise:::
	cpe:2.3:a:oracle:database:12.2.0.1::::enterprise:::
	cpe:2.3:a:oracle:database:18c::::enterprise:::
	cpe:2.3:a:oracle:database:19c::::enterprise:::
	cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:11.1.1.9.0:::::::*
	cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.3.0:::::::*
	cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:::::::*

History

09 Dec 2021, 18:21

Type	Values Removed	Values Added
CPE	cpe:2.3:a:dell:bsafe::::::::	cpe:2.3:a:dell:bsafe_micro-edition-suite::::::::

06 Dec 2021, 21:30

Type	Values Removed	Values Added
References	~~(MISC) https://www.oracle.com/security-alerts/cpuApr2021.html -~~	(MISC) https://www.oracle.com/security-alerts/cpuApr2021.html - Patch, Third Party Advisory
CPE		cpe:2.3:a:oracle:database:19c::::enterprise::: cpe:2.3:a:oracle:database:18c::::enterprise::: cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.3.0:::::::* cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:11.1.1.9.0:::::::* cpe:2.3:a:oracle:database:12.2.0.1::::enterprise::: cpe:2.3:a:oracle:database:12.1.0.2::::enterprise::: cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:::::::*

30 Nov 2021, 17:23

Type	Values Removed	Values Added
CPE	cpe:2.3:a:dell:bsafe_micro_edition_suite::::::::	cpe:2.3:a:dell:bsafe::::::::

14 Jun 2021, 18:15

Type	Values Removed	Values Added
References		(MISC) https://www.oracle.com/security-alerts/cpuApr2021.html -

Information

Published : 2020-12-16 16:15

Updated : 2024-02-04 21:23

NVD link : CVE-2020-5359

Mitre link : CVE-2020-5359

CVE.ORG link : CVE-2020-5359

JSON object : View

Products Affected

oracle

weblogic_server_proxy_plug-in
database

dell

bsafe_micro-edition-suite

CWE

CWE-252

Unchecked Return Value

CWE-544

Missing Standardized Error Handling Mechanism

5.8 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2020-5359

5.8^/10

5.0^/10

Attach tags to `CVE-2020-5359`