CVE-2020-29507 : Dell BSAFE Crypto-C Micro Edition, versions before 4.1.4, and Dell BSAFE Micro Edition Suite, versions before 4.4, conta

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.4, and Dell BSAFE Micro Edition Suite, versions before 4.4, contain an Improper Input Validation Vulnerability.

Published 2022-07-11 20:15:08

Updated 2022-11-29 02:56:07

Source Dell

View at NVD, CVE.org

Vulnerability category: Input validation

Exploit prediction scoring system (EPSS) score for CVE-2020-29507

Probability of exploitation activity in the next 30 days: 0.20%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 56 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2020-29507

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	3.9	1.4	Dell
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

CWE ids for CVE-2020-29507

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Assigned by:
- nvd@nist.gov (Primary)
- security_alert@emc.com (Secondary)

References for CVE-2020-29507

https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities

Access Denied
Vendor Advisory

CVEs referencing this url
https://www.oracle.com/security-alerts/cpujul2022.html

Oracle Critical Patch Update Advisory - July 2022
Patch;Third Party Advisory

CVEs referencing this url

Products affected by CVE-2020-29507

Oracle » Http Server » Version: 12.2.1.3.0
cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*
Matching versions
Oracle » Http Server » Version: 12.2.1.4.0
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
Matching versions
Oracle » Database » Version: 19C Enterprise Edition
cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*
Matching versions
Oracle » Database » Version: 12.1.0.2 Enterprise Edition
cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*
Matching versions
Oracle » Database » Version: 21C Enterprise Edition
cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*
Matching versions
Oracle » Security Service » Version: 12.2.1.3.0
cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*
Matching versions
Oracle » Security Service » Version: 12.2.1.4.0
cpe:2.3:a:oracle:security_service:12.2.1.4.0:*:*:*:*:*:*:*
Matching versions
Oracle » Weblogic Server Proxy Plug-in » Version: 12.2.1.4.0
cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:*:*:*:*:*:*:*
Matching versions
Oracle » Weblogic Server Proxy Plug-in » Version: 12.2.1.3.0
cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.3.0:*:*:*:*:*:*:*
Matching versions
Dell » Bsafe Micro-edition-suite
Versions before (<) 4.4
cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*
Matching versions
Dell » Bsafe Crypto-c-micro-edition
Versions before (<) 4.1.4
cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2020-29507

Exploit prediction scoring system (EPSS) score for CVE-2020-29507

CVSS scores for CVE-2020-29507

CWE ids for CVE-2020-29507

References for CVE-2020-29507

Products affected by CVE-2020-29507