exploitDog

CVE-2020-6865

Опубликовано: 30 апр. 2020

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

ZTE SDN controller platform is impacted by an information leakage vulnerability. Due to the program's failure to optimize the response of failure to the request, the caller can directly view the internal error code location of the component. Attackers could exploit this vulnerability to obtain sensitive information. This affects: OSCP versions V16.19.10 and V16.19.20.

Ссылки

http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012782
Vendor Advisory
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012782
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:zte:oscp:16.19.10:*:*:*:*:*:*:*

cpe:2.3:a:zte:oscp:16.19.20:*:*:*:*:*:*:*

EPSS

Процентиль: 55%

0.00327

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-836h-456r-hxj5

github

больше 3 лет назад

ZTE SDN controller platform is impacted by an information leakage vulnerability. Due to the program's failure to optimize the response of failure to the request, the caller can directly view the internal error code location of the component. Attackers could exploit this vulnerability to obtain sensitive information. This affects: OSCP versions V16.19.10 and V16.19.20.

EPSS

Процентиль: 55%

0.00327

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-200