Details of VAR-202004-0530

ID

VAR-202004-0530

CVE

CVE-2020-12243

TITLE

OpenLDAP Resource exhaustion vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-005084

DESCRIPTION

In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). OpenLDAP Exists in a resource exhaustion vulnerability.Service operation interruption (DoS) It may be put into a state. The filter.c file of slapd in versions earlier than OpenLDAP 2.4.50 has a security vulnerability. ========================================================================= Ubuntu Security Notice USN-4352-2 May 06, 2020 openldap vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 ESM - Ubuntu 12.04 ESM Summary: OpenLDAP could be made to crash if it received specially crafted network traffic. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that OpenLDAP incorrectly handled certain queries. A remote attacker could possibly use this issue to cause OpenLDAP to consume resources, resulting in a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM: slapd 2.4.31-1+nmu2ubuntu8.5+esm2 Ubuntu 12.04 ESM: slapd 2.4.28-1.1ubuntu4.10 In general, a standard system update will make all the necessary changes. Solution: For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1790277 - CVE-2019-20372 nginx: HTTP request smuggling in configurations with URL redirect used as error_page 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1850004 - CVE-2020-11023 jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution 1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection 1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape 5. Summary: Red Hat Ansible Automation Platform Resource Operator 1.2 (technical preview) images that fix several security issues. Description: Red Hat Ansible Automation Platform Resource Operator container images with security fixes. Ansible Automation Platform manages Ansible Platform jobs and workflows that can interface with any infrastructure on a Red Hat OpenShift Container Platform cluster, or on a traditional infrastructure that is running off-cluster. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1914774 - CVE-2021-20178 ansible: user data leak in snmp_facts module 1915808 - CVE-2021-20180 ansible module: bitbucket_pipeline_variable exposes secured values 1916813 - CVE-2021-20191 ansible: multiple modules expose secured values 1925002 - CVE-2021-20228 ansible: basic.py no_log with fallback option 1939349 - CVE-2021-3447 ansible: multiple modules expose secured values 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: openldap security update Advisory ID: RHSA-2020:4041-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:4041 Issue date: 2020-09-29 CVE Names: CVE-2020-12243 ==================================================================== 1. Summary: An update for openldap is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: OpenLDAP is an open-source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap packages contain configuration files, libraries, and documentation for OpenLDAP. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux Client (v. 7): Source: openldap-2.4.44-22.el7.src.rpm x86_64: openldap-2.4.44-22.el7.i686.rpm openldap-2.4.44-22.el7.x86_64.rpm openldap-clients-2.4.44-22.el7.x86_64.rpm openldap-debuginfo-2.4.44-22.el7.i686.rpm openldap-debuginfo-2.4.44-22.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: openldap-debuginfo-2.4.44-22.el7.i686.rpm openldap-debuginfo-2.4.44-22.el7.x86_64.rpm openldap-devel-2.4.44-22.el7.i686.rpm openldap-devel-2.4.44-22.el7.x86_64.rpm openldap-servers-2.4.44-22.el7.x86_64.rpm openldap-servers-sql-2.4.44-22.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: openldap-2.4.44-22.el7.src.rpm x86_64: openldap-2.4.44-22.el7.i686.rpm openldap-2.4.44-22.el7.x86_64.rpm openldap-clients-2.4.44-22.el7.x86_64.rpm openldap-debuginfo-2.4.44-22.el7.i686.rpm openldap-debuginfo-2.4.44-22.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: openldap-debuginfo-2.4.44-22.el7.i686.rpm openldap-debuginfo-2.4.44-22.el7.x86_64.rpm openldap-devel-2.4.44-22.el7.i686.rpm openldap-devel-2.4.44-22.el7.x86_64.rpm openldap-servers-2.4.44-22.el7.x86_64.rpm openldap-servers-sql-2.4.44-22.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: openldap-2.4.44-22.el7.src.rpm ppc64: openldap-2.4.44-22.el7.ppc.rpm openldap-2.4.44-22.el7.ppc64.rpm openldap-clients-2.4.44-22.el7.ppc64.rpm openldap-debuginfo-2.4.44-22.el7.ppc.rpm openldap-debuginfo-2.4.44-22.el7.ppc64.rpm openldap-devel-2.4.44-22.el7.ppc.rpm openldap-devel-2.4.44-22.el7.ppc64.rpm openldap-servers-2.4.44-22.el7.ppc64.rpm ppc64le: openldap-2.4.44-22.el7.ppc64le.rpm openldap-clients-2.4.44-22.el7.ppc64le.rpm openldap-debuginfo-2.4.44-22.el7.ppc64le.rpm openldap-devel-2.4.44-22.el7.ppc64le.rpm openldap-servers-2.4.44-22.el7.ppc64le.rpm s390x: openldap-2.4.44-22.el7.s390.rpm openldap-2.4.44-22.el7.s390x.rpm openldap-clients-2.4.44-22.el7.s390x.rpm openldap-debuginfo-2.4.44-22.el7.s390.rpm openldap-debuginfo-2.4.44-22.el7.s390x.rpm openldap-devel-2.4.44-22.el7.s390.rpm openldap-devel-2.4.44-22.el7.s390x.rpm openldap-servers-2.4.44-22.el7.s390x.rpm x86_64: openldap-2.4.44-22.el7.i686.rpm openldap-2.4.44-22.el7.x86_64.rpm openldap-clients-2.4.44-22.el7.x86_64.rpm openldap-debuginfo-2.4.44-22.el7.i686.rpm openldap-debuginfo-2.4.44-22.el7.x86_64.rpm openldap-devel-2.4.44-22.el7.i686.rpm openldap-devel-2.4.44-22.el7.x86_64.rpm openldap-servers-2.4.44-22.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: openldap-debuginfo-2.4.44-22.el7.ppc64.rpm openldap-servers-sql-2.4.44-22.el7.ppc64.rpm ppc64le: openldap-debuginfo-2.4.44-22.el7.ppc64le.rpm openldap-servers-sql-2.4.44-22.el7.ppc64le.rpm s390x: openldap-debuginfo-2.4.44-22.el7.s390x.rpm openldap-servers-sql-2.4.44-22.el7.s390x.rpm x86_64: openldap-debuginfo-2.4.44-22.el7.x86_64.rpm openldap-servers-sql-2.4.44-22.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: openldap-2.4.44-22.el7.src.rpm x86_64: openldap-2.4.44-22.el7.i686.rpm openldap-2.4.44-22.el7.x86_64.rpm openldap-clients-2.4.44-22.el7.x86_64.rpm openldap-debuginfo-2.4.44-22.el7.i686.rpm openldap-debuginfo-2.4.44-22.el7.x86_64.rpm openldap-devel-2.4.44-22.el7.i686.rpm openldap-devel-2.4.44-22.el7.x86_64.rpm openldap-servers-2.4.44-22.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: openldap-debuginfo-2.4.44-22.el7.x86_64.rpm openldap-servers-sql-2.4.44-22.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-12243 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX3Of5NzjgjWX9erEAQjUBg/+LuTU5msGMECYNN1kTZeKEOLCX9BedipK jEUYzVTDdrrVglmfre4vnt8I5vLaVHoWD9Azv/0T7C7PqoDQTa+DuXgmUJ0gST8u MVhEsiDzTb2JPEPT0G5Mn/S7bL5buthYDlHJxTlnPimuvYBYIRRnP/65Kw0KnKyH Jd0lheTvX0I6MbH+vArqU6LHeX21tvfPHlqfPWz3adCvqk7T0mKTM2N2qbeaeyMk NPkqy4L/79s897+76c8PaS9VNIC+zTq78V24n/VXE29tYr6lz5AI/PsyqqAg9u2W RwfngfaX47EBTWo5z+Wm3q+Jr2zpv2zEBOu0yxl/PUH0Knk2S5pu1u7Ou7jDC3ty 4mCWo50wLOjkXspYQ1TWBhlGTe2fTVhH3l5emSR2z7y8bOKXR+GTS16uJ/un/Plr 0AU3pnJNPTtEYGzvNRNrw2IFsN3TAnhZnve0LerryIsyc/3tz6UhdeLKCw5lScYl ljGRanFYnwLL9+/h0CgjudrjtkB7F0SYNwiuSvr4yeAGG+/B6KFvtdii99azWhKf BqT1maqEizgtGaWIenkEMHYWHReC79Q+0DC9cyZGe5NJlndXZP0i1IkzL6wOLbAS DFqkF35KUgcQFh+kyPblKhX3HK3ZtBEFTeoV6rEQsgV8bU9HqFd1rjt/805/rIjk ZiAkpTmTglI=6TQF -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description: * Updated python-psutil version to 5.6.6 inside ansible-runner container (CVE-2019-18874) 3. Bugs fixed (https://bugzilla.redhat.com/): 1772014 - CVE-2019-18874 python-psutil: double free because of refcount mishandling 5. For the oldstable distribution (stretch), this problem has been fixed in version 2.4.44+dfsg-5+deb9u4. For the stable distribution (buster), this problem has been fixed in version 2.4.47+dfsg-3+deb10u2. For the detailed security status of openldap please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openldap Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl6ofsxfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Qx4Q//dOnPiP6bKHrFUFtyv59tV5Zpa1jJ6BmIr3/5ueODnBu8MHLJw8503zLJ I43LDTzvGkXrxy0Y28YC5Qpv1oHW3gvPzFsTrn2DObeUnHlKOOUsyzz3saHXyyzQ ki+2UGsUXydSazDMeJzcoMfRdVpCtjc+GNTb/y7nxgwoKrz/WJplGstp2ibd8ftv Ju4uT8VJZcC3IEGhkYXJ7TENlegOK2FCewYMZARrNT/tjIDyAqfKi2muCg7oadx/ 5WZGLW7Pdw25jFknVy/Y7fEyJDWQdPH7NchK5tZy6D1lWQh67GcvJFSo5HICwb+n FilP29mIBbS96JQq6u5jWWMpAD6RPCtIltak4QdYptjdrQnTDFy3RJSTdZeis8ty HKwYJgNzVG6SCy04t3D+zeMbgEZOvj6GWrURQUqZJQmc4V9l89E0/D7zV3AX9Q9v 0hKEtpc//bZrS71QVqJvkWvrgfutB72Vnqfull+DBxvt33ma5W2il6kxGMwJK3S9 0lk60dzEDCdYp8TE61y8N4z+2IB/Otg9Ni2I8pmaE5s1/ZUva+8GhSjbmGyIhbpk p55kTiZUgpmu6EK2Kvjkh9rMlaa1IHXL8tdrbo8pRVtQHlA8/HUgoGiUHuX1h+Kw LZVjIV/L4qOFQ54uMbSscZgMEvhfW00fe3o2zI8WQZ9IPCQ3oRg= =K3JD -----END PGP SIGNATURE-----

Trust: 2.43

sources: NVD: CVE-2020-12243 // JVNDB: JVNDB-2020-005084 // VULHUB: VHN-164902 // VULMON: CVE-2020-12243 // PACKETSTORM: 157602 // PACKETSTORM: 161727 // PACKETSTORM: 162142 // PACKETSTORM: 159553 // PACKETSTORM: 159347 // PACKETSTORM: 159552 // PACKETSTORM: 168811

AFFECTED PRODUCTS

vendor:	netapp	model:	h700e	scope:	eq	version:	-	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	15.1	Trust: 1.0
vendor:	netapp	model:	h410c	scope:	eq	version:	-	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	netapp	model:	h500e	scope:	eq	version:	-	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.13.6	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.15.6	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	12.04	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	netapp	model:	h300s	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	h410s	scope:	eq	version:	-	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.14.6	Trust: 1.0
vendor:	netapp	model:	h500s	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	h700s	scope:	eq	version:	-	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	gte	version:	10.15	Trust: 1.0
vendor:	netapp	model:	steelstore cloud integrated storage	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	solaris	scope:	eq	version:	11	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	gte	version:	10.13.0	Trust: 1.0
vendor:	broadcom	model:	brocade fabric operating system	scope:	eq	version:	-	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	19.10	Trust: 1.0
vendor:	openldap	model:	openldap	scope:	lt	version:	2.4.50	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.04	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	gte	version:	10.14.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.13.6	Trust: 1.0
vendor:	oracle	model:	zfs storage appliance kit	scope:	eq	version:	8.8	Trust: 1.0
vendor:	oracle	model:	solaris	scope:	eq	version:	10	Trust: 1.0
vendor:	netapp	model:	h300e	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	cloud backup	scope:	eq	version:	-	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	14.04	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.14.6	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	20.04	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	debian	model:	gnu/linux	scope:	-	version:	-	Trust: 0.8
vendor:	openldap	model:	openldap	scope:	eq	version:	2.4.50	Trust: 0.8

sources: JVNDB: JVNDB-2020-005084 // NVD: CVE-2020-12243

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-12243
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-005084
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202004-2326
value:	HIGH
Trust: 0.6
VULHUB:	VHN-164902
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-12243
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-12243
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2020-005084
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-164902
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-12243
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-005084
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-164902 // VULMON: CVE-2020-12243 // JVNDB: JVNDB-2020-005084 // CNNVD: CNNVD-202004-2326 // NVD: CVE-2020-12243

PROBLEMTYPE DATA

problemtype:	CWE-674	Trust: 1.1
problemtype:	CWE-400	Trust: 0.9

sources: VULHUB: VHN-164902 // JVNDB: JVNDB-2020-005084 // NVD: CVE-2020-12243

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 157602 // CNNVD: CNNVD-202004-2326

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202004-2326

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005084

PATCH

title:	[SECURITY] [DLA 2199-1] openldap security update	url:	https://lists.debian.org/debian-lts-announce/2020/05/msg00001.html	Trust: 0.8
title:	DSA-4666	url:	https://www.debian.org/security/2020/dsa-4666	Trust: 0.8
title:	Issue#9248	url:	https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_4/CHANGES	Trust: 0.8
title:	ITS#9202 limit depth of nested filters	url:	https://git.openldap.org/openldap/openldap/-/commit/98464c11df8247d6a11b52e294ba5dd4f0380440	Trust: 0.8
title:	Issue 9202	url:	https://bugs.openldap.org/show_bug.cgi?id=9202	Trust: 0.8
title:	OpenLDAP Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=118093	Trust: 0.6
title:	Red Hat: Moderate: openldap security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204041 - Security Advisory	Trust: 0.1
title:	Ubuntu Security Notice: openldap vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4352-1	Trust: 0.1
title:	Ubuntu Security Notice: openldap vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4352-2	Trust: 0.1
title:	Debian Security Advisories: DSA-4666-1 openldap -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=fb4df889a45e12b120ab07487d89cbed	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2020-1539	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2020-1539	Trust: 0.1
title:	Red Hat: Moderate: security update - Red Hat Ansible Tower 3.7 runner release (CVE-2019-18874)	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204254 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: security update - Red Hat Ansible Tower 3.6 runner release (CVE-2019-18874)	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204255 - Security Advisory	Trust: 0.1
title:	IBM: Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (July 2020v1)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=4ca8040b949152189bea3a3126afcd39	Trust: 0.1
title:	Red Hat: Low: OpenShift Container Platform 4.3.40 security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204264 - Security Advisory	Trust: 0.1
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=ec6577109e640dac19a6ddb978afe82d	Trust: 0.1

sources: VULMON: CVE-2020-12243 // JVNDB: JVNDB-2020-005084 // CNNVD: CNNVD-202004-2326

EXTERNAL IDS

db:	NVD	id:	CVE-2020-12243	Trust: 3.3
db:	PACKETSTORM	id:	157602	Trust: 0.8
db:	PACKETSTORM	id:	161727	Trust: 0.8
db:	PACKETSTORM	id:	159347	Trust: 0.8
db:	PACKETSTORM	id:	159553	Trust: 0.8
db:	PACKETSTORM	id:	162142	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-005084	Trust: 0.8
db:	CNNVD	id:	CNNVD-202004-2326	Trust: 0.7
db:	PACKETSTORM	id:	161916	Trust: 0.7
db:	PACKETSTORM	id:	162130	Trust: 0.7
db:	ICS CERT	id:	ICSA-22-116-01	Trust: 0.7
db:	AUSCERT	id:	ESB-2021.1207	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1637	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2604	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0845	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1742.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3631	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1742	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1458	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0986	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3535	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1193	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1569	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1613	Trust: 0.6
db:	PACKETSTORM	id:	159552	Trust: 0.2
db:	PACKETSTORM	id:	157601	Trust: 0.1
db:	CNVD	id:	CNVD-2020-27485	Trust: 0.1
db:	VULHUB	id:	VHN-164902	Trust: 0.1
db:	VULMON	id:	CVE-2020-12243	Trust: 0.1
db:	PACKETSTORM	id:	168811	Trust: 0.1

sources: VULHUB: VHN-164902 // VULMON: CVE-2020-12243 // JVNDB: JVNDB-2020-005084 // PACKETSTORM: 157602 // PACKETSTORM: 161727 // PACKETSTORM: 162142 // PACKETSTORM: 159553 // PACKETSTORM: 159347 // PACKETSTORM: 159552 // PACKETSTORM: 168811 // CNNVD: CNNVD-202004-2326 // NVD: CVE-2020-12243

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-12243	Trust: 2.1
url:	https://usn.ubuntu.com/4352-1/	Trust: 1.9
url:	https://git.openldap.org/openldap/openldap/-/blob/openldap_rel_eng_2_4/changes	Trust: 1.8
url:	https://git.openldap.org/openldap/openldap/-/commit/98464c11df8247d6a11b52e294ba5dd4f0380440	Trust: 1.8
url:	https://security.netapp.com/advisory/ntap-20200511-0003/	Trust: 1.8
url:	https://support.apple.com/kb/ht211289	Trust: 1.8
url:	https://www.debian.org/security/2020/dsa-4666	Trust: 1.8
url:	https://bugs.openldap.org/show_bug.cgi?id=9202	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpuapr2022.html	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpuoct2020.html	Trust: 1.8
url:	https://lists.debian.org/debian-lts-announce/2020/05/msg00001.html	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00016.html	Trust: 1.8
url:	https://usn.ubuntu.com/4352-2/	Trust: 1.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12243	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2020.1742.2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3535/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1458/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1569/	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-22-116-01	Trust: 0.6
url:	https://packetstormsecurity.com/files/159553/red-hat-security-advisory-2020-4255-01.html	Trust: 0.6
url:	https://support.apple.com/en-us/ht211289	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0986	Trust: 0.6
url:	https://vigilance.fr/vulnerability/openldap-denial-of-service-via-search-filters-32124	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1207	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0845	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2604	Trust: 0.6
url:	https://packetstormsecurity.com/files/159347/red-hat-security-advisory-2020-4041-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/161727/red-hat-security-advisory-2021-0778-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/157602/ubuntu-security-notice-usn-4352-2.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1637/	Trust: 0.6
url:	https://packetstormsecurity.com/files/161916/red-hat-security-advisory-2021-0949-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/162142/red-hat-security-advisory-2021-1079-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1613/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1193	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3631/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1742/	Trust: 0.6
url:	https://packetstormsecurity.com/files/162130/red-hat-security-advisory-2021-1129-01.html	Trust: 0.6
url:	https://access.redhat.com/security/team/contact/	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2020-12243	Trust: 0.5
url:	https://bugzilla.redhat.com/):	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17006	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-12749	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-12401	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14866	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-7595	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20843	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-17006	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-11719	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20388	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-17023	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17023	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12749	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-6829	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-14866	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-12403	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12400	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-20388	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19956	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11756	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-11756	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-12400	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-11727	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11719	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11727	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-15903	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15903	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-19956	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-17498	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17498	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2018-20843	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-12402	Trust: 0.4
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.4
url:	https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5188	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2017-12652	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17546	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14973	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-17546	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2017-12652	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5094	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-5188	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-5094	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-14973	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-5313	Trust: 0.3
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.3
url:	https://access.redhat.com/errata/rhsa-2020:4041	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-20907	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12402	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1971	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-20228	Trust: 0.2
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12401	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-8177	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-20191	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-1971	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-20180	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12403	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-20178	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20907	Trust: 0.2
url:	https://access.redhat.com/articles/11258	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-19126	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1240	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-20386	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-18874	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12450	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-14822	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14822	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20386	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-18874	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-14365	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-16935	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19126	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-5482	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-16935	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5482	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-12450	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/674.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-22-116-01	Trust: 0.1
url:	https://usn.ubuntu.com/4352-2	Trust: 0.1
url:	https://usn.ubuntu.com/4352-1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12723	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11023	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20372	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10878	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20253	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-11023	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0778	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11022	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12723	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10543	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-5766	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10878	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-5766	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-20372	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-11022	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10543	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-35678	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:1079	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-8625	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15999	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3156	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3447	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-5313	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15999	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14422	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14422	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:4255	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index	Trust: 0.1
url:	https://access.redhat.com/security/team/key/	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:4254	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/openldap	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1

CREDITS

Red Hat

Trust: 1.1

sources: PACKETSTORM: 161727 // PACKETSTORM: 162142 // PACKETSTORM: 159553 // PACKETSTORM: 159347 // PACKETSTORM: 159552 // CNNVD: CNNVD-202004-2326

SOURCES

db:	VULHUB	id:	VHN-164902
db:	VULMON	id:	CVE-2020-12243
db:	JVNDB	id:	JVNDB-2020-005084
db:	PACKETSTORM	id:	157602
db:	PACKETSTORM	id:	161727
db:	PACKETSTORM	id:	162142
db:	PACKETSTORM	id:	159553
db:	PACKETSTORM	id:	159347
db:	PACKETSTORM	id:	159552
db:	PACKETSTORM	id:	168811
db:	CNNVD	id:	CNNVD-202004-2326
db:	NVD	id:	CVE-2020-12243

LAST UPDATE DATE

2024-11-20T21:31:41.284000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-164902	date:	2022-04-29T00:00:00
db:	VULMON	id:	CVE-2020-12243	date:	2022-04-29T00:00:00
db:	JVNDB	id:	JVNDB-2020-005084	date:	2020-06-05T00:00:00
db:	CNNVD	id:	CNNVD-202004-2326	date:	2022-04-27T00:00:00
db:	NVD	id:	CVE-2020-12243	date:	2022-04-29T13:24:38.527

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-164902	date:	2020-04-28T00:00:00
db:	VULMON	id:	CVE-2020-12243	date:	2020-04-28T00:00:00
db:	JVNDB	id:	JVNDB-2020-005084	date:	2020-06-05T00:00:00
db:	PACKETSTORM	id:	157602	date:	2020-05-07T15:33:32
db:	PACKETSTORM	id:	161727	date:	2021-03-09T16:25:11
db:	PACKETSTORM	id:	162142	date:	2021-04-09T15:06:13
db:	PACKETSTORM	id:	159553	date:	2020-10-14T16:52:18
db:	PACKETSTORM	id:	159347	date:	2020-09-30T15:43:05
db:	PACKETSTORM	id:	159552	date:	2020-10-14T16:52:12
db:	PACKETSTORM	id:	168811	date:	2020-04-28T19:12:00
db:	CNNVD	id:	CNNVD-202004-2326	date:	2020-04-28T00:00:00
db:	NVD	id:	CVE-2020-12243	date:	2020-04-28T19:15:12.267