Vulnerability Details : CVE-2020-26185

Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain a Buffer Over-Read Vulnerability.

Vulnerability category: Input validation

Published 2022-06-01 15:15:09

Updated 2022-11-29 02:48:43

Source Dell

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2020-26185

Probability of exploitation activity in the next 30 days: 0.07%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 27 % EPSS Score History EPSS FAQ

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	[email protected]
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	[email protected]
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	[email protected]
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: [email protected] (Secondary)
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

Assigned by: [email protected] (Primary)

Oracle » Http Server » Version: 12.2.1.3.0
cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*
Matching versions
Oracle » Http Server » Version: 12.2.1.4.0
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
Matching versions
Oracle » Database » Version: 19C Enterprise Edition
cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*
Matching versions
Oracle » Database » Version: 12.1.0.2 Enterprise Edition
cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*
Matching versions
Oracle » Database » Version: 21C Enterprise Edition
cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*
Matching versions
Oracle » Security Service » Version: 12.2.1.3.0
cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*
Matching versions
Oracle » Security Service » Version: 12.2.1.4.0
cpe:2.3:a:oracle:security_service:12.2.1.4.0:*:*:*:*:*:*:*
Matching versions
Oracle » Weblogic Server Proxy Plug-in » Version: 12.2.1.4.0
cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:*:*:*:*:*:*:*
Matching versions
Oracle » Weblogic Server Proxy Plug-in » Version: 12.2.1.3.0
cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.3.0:*:*:*:*:*:*:*
Matching versions
Dell » Bsafe Micro-edition-suite
Versions before (<) 4.5.1
cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*
Matching versions