ID

VAR-202007-1448


CVE

CVE-2020-8203


TITLE

lodash Vulnerability in resource allocation without restrictions or throttling in

Trust: 0.8

sources: JVNDB: JVNDB-2020-008656

DESCRIPTION

Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20. lodash is vulnerable to resource allocation without restrictions or throttling. Information may be tampered with and service operation may be interrupted (DoS). lodash is an open source JavaScript utility library. An input validation error vulnerability exists in lodash 4.17.15 and earlier versions. A remote attacker could exploit this vulnerability to execute arbitrary code on the system via the 'merge', 'mergeWith' and 'defaultsDeep' functions.

These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Bug Fix(es): * Previously, upgrade from Red Hat Virtualization (RHV) 4.4.1 to RHV 4.4.2 failed due to dangling symlinks from the iSCSI Storage Domain that weren't cleaned up. In this release, the upgrade succeeds. (BZ#1895356) * Previously, when migrating a Windows virtual machine from a VMware environment to Red Hat Virtualization 4.4.3, the migration failed due to a file permission error. In this release, the migration succeeds. (BZ#1901423) 4. Bugs fixed (https://bugzilla.redhat.com/): 1835685 - [Hosted-Engine]"Installation Guide" and "RHV Documents" didn't jump to the correct pages in hosted engine page. 1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function 1895356 - Upgrade to 4.4.2 will fail due to dangling symlinks 1895762 - cockpit ovirt(downstream) docs links point to upstream docs.
1896536 - CVE-2015-8011 lldpd: buffer overflow in the lldp_decode function in daemon/protocols/lldp.c 1898023 - Rebase RHV-H 4.4.3 on RHEL 8.3.0.1 1898024 - Rebase RHV-H 4.4.3 on RHGS-3.5.z Batch #3 1901423 - [v2v] leaking USER and HOME environment from root causes virt-v2v error: failure: Unexpected file type which prevents VM migration 1902301 - Upgrade cockpit-ovirt to 0.14.14 6. Solution: For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html. Bug Fix(es): * send --nowait to libvirt when we collect qemu stats, to consume bz#1552092 (BZ#1613514) * Block moving HE hosts into different Data Centers and make HE host moved to different cluster NonOperational after activation (BZ#1702016) * If an in-use MAC is held by a VM on a different cluster, the engine does not attempt to get the next free MAC.
(BZ#1760170) * Search backend cannot find VMs which name starts with a search keyword (BZ#1797717) * [Permissions] DataCenterAdmin role defined on DC level does not allow Cluster creation (BZ#1808320) * enable-usb-autoshare is always 0 in console.vv and usb-filter option is listed two times (BZ#1811466) * NumaPinningHelper is not huge pages aware, denies migration to suitable host (BZ#1812316) * Adding quota to group doesn't propagate to users (BZ#1822372) * Engine adding PCI-E elements on XML of i440FX SeaBIOS VM created from Q35 Template (BZ#1829691) * Live Migration Bandwidth unit is different from Engine configuration (Mbps) and VDSM (MBps) (BZ#1845397) * RHV-M shows successful operation if OVA export/import failed during "qemu-img convert" phase (BZ#1854888) * Cannot hotplug disk reports libvirtError: Requested operation is not valid: Domain already contains a disk with that address (BZ#1855305) * rhv-log-collector-analyzer --json fails with TypeError (BZ#1859314) * RHV 4.4 on AMD EPYC 7742 throws an NUMA related error on VM run (BZ#1866862) * Issue with dashboards creation when sending metrics to external Elasticsearch (BZ#1870133) * HostedEngine VM is broken after Cluster changed to UEFI (BZ#1871694) * [CNV&RHV]Notification about VM creation contain <UNKNOWN> string (BZ#1873136) * VM stuck in Migrating status after migration completed due to incorrect status reported by VDSM after restart (BZ#1877632) * Use 4.5 as compatibility level for the Default DataCenter and the Default Cluster during installation (BZ#1879280) * unable to create/add index pattern in step 5 from kcs articles#4921101 (BZ#1881634) * [CNV&RHV] Remove warning about no active storage domain for Kubevirt VMs (BZ#1883844) * Deprecate and remove ovirt-engine-api-explorer (BZ#1884146) * [CNV&RHV] Disable creating new disks for Kubevirt VM (BZ#1884634) * Require ansible-2.9.14 in ovirt-engine (BZ#1888626) Enhancement(s): * [RFE] Virtualization support for NVDIMM - RHV (BZ#1361718) * [RFE] - 
enable renaming HostedEngine VM name (BZ#1657294) * [RFE] Enabling Icelake new NIs - RHV (BZ#1745024) * [RFE] Show vCPUs and allocated memory in virtual machines summary (BZ#1752751) * [RFE] RHV-M Deployment/Install Needs it's own UUID (BZ#1825020) * [RFE] Destination Host in migrate VM dialog has to be searchable and sortable (BZ#1851865) * [RFE] Expose the "reinstallation required" flag of the hosts in the API (BZ#1856671) 4. Bugs fixed (https://bugzilla.redhat.com/): 1613514 - send --nowait to libvirt when we collect qemu stats, to consume bz#1552092 1657294 - [RFE] - enable renaming HostedEngine VM name 1691253 - ovirt-engine-extension-aaa-ldap-setup does not escape special characters in password 1702016 - Block moving HE hosts into different Data Centers and make HE host moved to different cluster NonOperational after activation 1752751 - [RFE] Show vCPUs and allocated memory in virtual machines summary 1760170 - If an in-use MAC is held by a VM on a different cluster, the engine does not attempt to get the next free MAC. 1797717 - Search backend cannot find VMs which name starts with a search keyword 1808320 - [Permissions] DataCenterAdmin role defined on DC level does not allow Cluster creation 1811466 - enable-usb-autoshare is always 0 in console.vv and usb-filter option is listed two times 1812316 - NumaPinningHelper is not huge pages aware, denies migration to suitable host 1822372 - Adding quota to group doesn't propagate to users 1825020 - [RFE] RHV-M Deployment/Install Needs it's own UUID 1828241 - Deleting snapshot do not display a lock for it's disks under "Disk Snapshots" tab. 1829691 - Engine adding PCI-E elements on XML of i440FX SeaBIOS VM created from Q35 Template 1842344 - Status loop due to host initialization not checking network status, monitoring finding the network issue and auto-recovery. 
1845432 - [CNV&RHV] Communicatoin with CNV cluster spamming engine.log when token is expired 1851865 - [RFE] Destination Host in migrate VM dialog has to be searchable and sortable 1854888 - RHV-M shows successful operation if OVA export/import failed during "qemu-img convert" phase 1855305 - Cannot hotplug disk reports libvirtError: Requested operation is not valid: Domain already contains a disk with that address 1856671 - [RFE] Expose the "reinstallation required" flag of the hosts in the API 1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function 1859314 - rhv-log-collector-analyzer --json fails with TypeError 1862101 - rhv-image-discrepancies does show size of the images on the storage as size of the image in db and vice versa 1866981 - obj must be encoded before hashing 1870133 - Issue with dashboards creation when sending metrics to external Elasticsearch 1871694 - HostedEngine VM is broken after Cluster changed to UEFI 1872911 - RHV Administration Portal fails with 404 error even after updating to RHV 4.3.9 1873136 - [CNV&RHV]Notification about VM creation contain <UNKNOWN> string 1876923 - PostgreSQL 12 in RHV 4.4 - engine-setup menu ref URL needs updating 1877632 - VM stuck in Migrating status after migration completed due to incorrect status reported by VDSM after restart 1877679 - Synchronize advanced virtualization module with RHEL version during host upgrade 1879199 - ovirt-engine-extension-aaa-ldap-setup fails on cert import 1879280 - Use 4.5 as compatibility level for the Default DataCenter and the Default Cluster during installation 1879377 - [DWH] Rebase bug - for the 4.4.3 release 1881634 - unable to create/add index pattern in step 5 from kcs articles#4921101 1882256 - CVE-2019-20922 nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS 1882260 - CVE-2019-20920 nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution 
1883844 - [CNV&RHV] Remove warning about no active storage domain for Kubevirt VMs 1884146 - Deprecate and remove ovirt-engine-api-explorer 1884634 - [CNV&RHV] Disable creating new disks for Kubevirt VM 1885976 - rhv-log-collector-analyzer - argument must be str, not bytes 1887268 - Cannot perform yum update on my RHV manager (ansible conflict) 1888626 - Require ansible-2.9.14 in ovirt-engine 1889522 - metrics playbooks are broken due to typo 6. Description: Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. Red Hat Security Advisory Synopsis: Moderate: Red Hat Virtualization security, bug fix, and enhancement update Advisory ID: RHSA-2020:3807-01 Product: Red Hat Virtualization Advisory URL: https://access.redhat.com/errata/RHSA-2020:3807 Issue date: 2020-09-23 CVE Names: CVE-2020-8203 CVE-2020-11022 CVE-2020-11023 CVE-2020-14333 1. Summary: An update is now available for Red Hat Virtualization Engine 4.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4 - noarch 3. Description: The org.ovirt.engine-root is a core component of oVirt.
The following packages have been upgraded to a later upstream version: ansible-runner-service (1.0.5), org.ovirt.engine-root (4.4.2.3), ovirt-engine-dwh (4.4.2.1), ovirt-engine-extension-aaa-ldap (1.4.1), ovirt-engine-ui-extensions (1.2.3), ovirt-log-collector (4.4.3), ovirt-web-ui (1.6.4), rhvm-branding-rhv (4.4.5), rhvm-dependencies (4.4.1), vdsm-jsonrpc-java (1.5.5). (BZ#1674420, BZ#1866734) A list of bugs fixed in this update is available in the Technical Notes book: https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes Security Fix(es): * nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203) * jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022) * jQuery: passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023) * ovirt-engine: Reflected cross site scripting vulnerability (CVE-2020-14333) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Cannot assign direct LUN from FC storage - grayed out (BZ#1625499) * VM portal always asks how to open console.vv even it has been set to default application. (BZ#1638217) * RESTAPI Not able to remove the QoS from a disk profile (BZ#1643520) * On OVA import, qemu-img fails to write to NFS storage domain (BZ#1748879) * Possible missing block path for a SCSI host device needs to be handled in the UI (BZ#1801206) * Scheduling Memory calculation disregards huge-pages (BZ#1804037) * Engine does not reduce scheduling memory when a VM with dynamic hugepages runs.
(BZ#1804046) * In Admin Portal, "Huge Pages (size: amount)" needs to be clarified (BZ#1806339) * Refresh LUN is using host from different Data Center to scan the LUN (BZ#1838051) * Unable to create Windows VM's with Mozilla Firefox version 74.0.1 and greater for RHV-M GUI/Webadmin portal (BZ#1843234) * [RHV-CNV] - NPE when creating new VM in cnv cluster (BZ#1854488) * [CNV&RHV] Add-Disk operation failed to complete. (BZ#1855377) * Cannot create KubeVirt VM as a normal user (BZ#1859460) * Welcome page - remove Metrics Store links and update "Insights Guide" link (BZ#1866466) * [RHV 4.4] Change in CPU model name after RHVH upgrade (BZ#1869209) * VM vm-name is down with error. Exit message: unsupported configuration: Can't add USB input device. USB bus is disabled. (BZ#1871235) * spec_ctrl host feature not detected (BZ#1875609) Enhancement(s): * [RFE] API for changed blocks/sectors for a disk for incremental backup usage (BZ#1139877) * [RFE] Improve workflow for storage migration of VMs with multiple disks (BZ#1749803) * [RFE] Move the Remove VM button to the drop down menu when viewing details such as snapshots (BZ#1763812) * [RFE] enhance search filter for Storage Domains with free argument (BZ#1819260) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/2974891 5. Bugs fixed (https://bugzilla.redhat.com/): 1625499 - Cannot assign direct LUN from FC storage - grayed out 1638217 - VM portal always asks how to open console.vv even it has been set to default application. 
1643520 - RESTAPI Not able to remove the QoS from a disk profile 1674420 - [RFE] - add support for Cascadelake-Server CPUs (and IvyBridge) 1748879 - On OVA import, qemu-img fails to write to NFS storage domain 1749803 - [RFE] Improve workflow for storage migration of VMs with multiple disks 1758024 - Long running Ansible tasks timeout and abort for RHV-H hosts with STIG/Security Profiles applied 1763812 - [RFE] Move the Remove VM button to the drop down menu when viewing details such as snapshots 1778471 - Using more than one asterisk in LDAP search string is not working when searching for AD users. 1787854 - RHV: Updating/reinstall a host which is part of affinity labels is removed from the affinity label. 1801206 - Possible missing block path for a SCSI host device needs to be handled in the UI 1803856 - [Scale] ovirt-vmconsole takes too long or times out in a 500+ VM environment. 1804037 - Scheduling Memory calculation disregards huge-pages 1804046 - Engine does not reduce scheduling memory when a VM with dynamic hugepages runs. 
1806339 - In Admin Portal, "Huge Pages (size: amount)" needs to be clarified 1816951 - [CNV&RHV] CNV VM migration failure is not handled correctly by the engine 1819260 - [RFE] enhance search filter for Storage Domains with free argument 1826255 - [CNV&RHV]Change name of type of provider - CNV -> OpenShift Virtualization 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1831949 - RESTAPI javadoc contains missing information about assigning IP address to NIC 1831952 - RESTAPI contains malformed link around JSON representation fo the cluster 1831954 - RESTAPI javadoc contains malformed link around oVirt guest agent 1831956 - RESTAPI javadoc contains malformed link around time zone representation 1838051 - Refresh LUN is using host from different Data Center to scan the LUN 1841112 - not able to upload vm from OVA when there are 2 OVA from the same vm in same directory 1843234 - Unable to create Windows VM's with Mozilla Firefox version 74.0.1 and greater for RHV-M GUI/Webadmin portal 1850004 - CVE-2020-11023 jQuery: passing HTML containing <option> elements to manipulation methods could result in untrusted code execution 1854488 - [RHV-CNV] - NPE when creating new VM in cnv cluster 1855377 - [CNV&RHV] Add-Disk operation failed to complete. 1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function 1858184 - CVE-2020-14333 ovirt-engine: Reflected cross site scripting vulnerability 1859460 - Cannot create KubeVirt VM as a normal user 1860907 - Upgrade bundled GWT to 2.9.0 1866466 - Welcome page - remove Metrics Store links and update "Insights Guide" link 1866734 - [DWH] Rebase bug - for the 4.4.2 release 1869209 - [RHV 4.4] Change in CPU model name after RHVH upgrade 1869302 - ansible 2.9.12 - host deploy fixes 1871235 - VM vm-name is down with error. Exit message: unsupported configuration: Can't add USB input device. USB bus is disabled. 
1875609 - spec_ctrl host feature not detected 1875851 - Web Admin interface broken on Firefox ESR 68.11 6. Package List: RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4: Source: ansible-runner-service-1.0.5-1.el8ev.src.rpm ovirt-engine-4.4.2.3-0.6.el8ev.src.rpm ovirt-engine-dwh-4.4.2.1-1.el8ev.src.rpm ovirt-engine-extension-aaa-ldap-1.4.1-1.el8ev.src.rpm ovirt-engine-ui-extensions-1.2.3-1.el8ev.src.rpm ovirt-log-collector-4.4.3-1.el8ev.src.rpm ovirt-web-ui-1.6.4-1.el8ev.src.rpm rhvm-branding-rhv-4.4.5-1.el8ev.src.rpm rhvm-dependencies-4.4.1-1.el8ev.src.rpm vdsm-jsonrpc-java-1.5.5-1.el8ev.src.rpm noarch: ansible-runner-service-1.0.5-1.el8ev.noarch.rpm ovirt-engine-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-backend-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-dbscripts-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-dwh-4.4.2.1-1.el8ev.noarch.rpm ovirt-engine-dwh-grafana-integration-setup-4.4.2.1-1.el8ev.noarch.rpm ovirt-engine-dwh-setup-4.4.2.1-1.el8ev.noarch.rpm ovirt-engine-extension-aaa-ldap-1.4.1-1.el8ev.noarch.rpm ovirt-engine-extension-aaa-ldap-setup-1.4.1-1.el8ev.noarch.rpm ovirt-engine-health-check-bundler-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-restapi-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-setup-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-setup-base-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-setup-plugin-cinderlib-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-setup-plugin-imageio-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-setup-plugin-ovirt-engine-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-setup-plugin-ovirt-engine-common-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-setup-plugin-vmconsole-proxy-helper-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-setup-plugin-websocket-proxy-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-tools-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-tools-backup-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-ui-extensions-1.2.3-1.el8ev.noarch.rpm ovirt-engine-vmconsole-proxy-helper-4.4.2.3-0.6.el8ev.noarch.rpm 
ovirt-engine-webadmin-portal-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-websocket-proxy-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-log-collector-4.4.3-1.el8ev.noarch.rpm ovirt-web-ui-1.6.4-1.el8ev.noarch.rpm python3-ovirt-engine-lib-4.4.2.3-0.6.el8ev.noarch.rpm rhvm-4.4.2.3-0.6.el8ev.noarch.rpm rhvm-branding-rhv-4.4.5-1.el8ev.noarch.rpm rhvm-dependencies-4.4.1-1.el8ev.noarch.rpm vdsm-jsonrpc-java-1.5.5-1.el8ev.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-8203 https://access.redhat.com/security/cve/CVE-2020-11022 https://access.redhat.com/security/cve/CVE-2020-11023 https://access.redhat.com/security/cve/CVE-2020-14333 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc.
JIRA issues fixed (https://issues.jboss.org/): PROJQUAY-1417 - zstd compressed layers PROJQUAY-1449 - As a Quay admin I want to rely on the Operator to auto-scale all stateless parts of Quay PROJQUAY-1535 - As a user I can create and use nested repository name structures PROJQUAY-1583 - add "disconnected" annotation to operators PROJQUAY-1609 - Operator communicates status per managed component PROJQUAY-1610 - Operator does not make Quay deployment wait on Clair deployment PROJQUAY-1791 - v1beta CRD EOL PROJQUAY-1883 - Support OCP Re-encrypt routes PROJQUAY-1887 - allow either sha or tag in related images PROJQUAY-1926 - As an admin, I want an API to create first user, so I can automate deployment. PROJQUAY-1998 - note database deprecations in 3.6 Config Tool PROJQUAY-2050 - Support OCP Edge-Termination PROJQUAY-2100 - A customer can update the Operator from 3.3 to 3.6 directly PROJQUAY-2102 - add clair-4.2 enrichment data to quay UI PROJQUAY-672 - MutatingAdmissionWebhook Created Automatically for QBO During Install 6

Trust: 2.43

sources: NVD: CVE-2020-8203 // JVNDB: JVNDB-2020-008656 // VULHUB: VHN-186328 // VULMON: CVE-2020-8203 // PACKETSTORM: 160589 // PACKETSTORM: 159727 // PACKETSTORM: 160209 // PACKETSTORM: 158797 // PACKETSTORM: 158796 // PACKETSTORM: 159275 // PACKETSTORM: 164555

AFFECTED PRODUCTS

vendor: oracle | model: banking corporate lending process management | scope: eq | version: 14.3.0

Trust: 1.0

vendor: oracle | model: jd edwards enterpriseone tools | scope: lte | version: 9.2.6.0

Trust: 1.0

vendor: oracle | model: banking corporate lending process management | scope: eq | version: 14.2.0

Trust: 1.0

vendor: oracle | model: communications session border controller | scope: eq | version: 9.0

Trust: 1.0

vendor: oracle | model: primavera gateway | scope: lte | version: 18.8.12

Trust: 1.0

vendor: oracle | model: banking extensibility workbench | scope: eq | version: 14.3.0

Trust: 1.0

vendor: oracle | model: banking extensibility workbench | scope: eq | version: 14.2.0

Trust: 1.0

vendor: oracle | model: communications session border controller | scope: eq | version: 8.4

Trust: 1.0

vendor: oracle | model: communications subscriber-aware load balancer | scope: eq | version: cz8.4

Trust: 1.0

vendor: oracle | model: primavera gateway | scope: lte | version: 17.12.11

Trust: 1.0

vendor: oracle | model: primavera gateway | scope: lte | version: 20.12.7

Trust: 1.0

vendor: oracle | model: banking trade finance process management | scope: eq | version: 14.5.0

Trust: 1.0

vendor: oracle | model: primavera gateway | scope: gte | version: 20.12.0

Trust: 1.0

vendor: oracle | model: banking trade finance process management | scope: eq | version: 14.3.0

Trust: 1.0

vendor: oracle | model: banking supply chain finance | scope: eq | version: 14.5.0

Trust: 1.0

vendor: oracle | model: banking trade finance process management | scope: eq | version: 14.2.0

Trust: 1.0

vendor: oracle | model: primavera gateway | scope: gte | version: 17.12.0

Trust: 1.0

vendor: lodash | model: lodash | scope: lt | version: 4.17.20

Trust: 1.0

vendor: oracle | model: banking virtual account management | scope: eq | version: 14.5.0

Trust: 1.0

vendor: oracle | model: communications session router | scope: eq | version: cz8.4

Trust: 1.0

vendor: oracle | model: banking liquidity management | scope: eq | version: 14.5.0

Trust: 1.0

vendor: oracle | model: enterprise communications broker | scope: eq | version: 3.3.0

Trust: 1.0

vendor: oracle | model: banking virtual account management | scope: eq | version: 14.3.0

Trust: 1.0

vendor: oracle | model: banking supply chain finance | scope: eq | version: 14.3.0

Trust: 1.0

vendor: oracle | model: banking virtual account management | scope: eq | version: 14.2.0

Trust: 1.0

vendor: oracle | model: banking supply chain finance | scope: eq | version: 14.2.0

Trust: 1.0

vendor: oracle | model: blockchain platform | scope: lt | version: 21.1.2

Trust: 1.0

vendor: oracle | model: banking credit facilities process management | scope: eq | version: 14.5.0

Trust: 1.0

vendor: oracle | model: enterprise communications broker | scope: eq | version: 3.2.0

Trust: 1.0

vendor: oracle | model: peoplesoft enterprise peopletools | scope: eq | version: 8.58

Trust: 1.0

vendor: oracle | model: banking liquidity management | scope: eq | version: 14.3.0

Trust: 1.0

vendor: oracle | model: banking liquidity management | scope: eq | version: 14.2.0

Trust: 1.0

vendor: oracle | model: primavera gateway | scope: lte | version: 19.12.11

Trust: 1.0

vendor: oracle | model: communications billing and revenue management | scope: eq | version: 12.0.0.3.0

Trust: 1.0

vendor: oracle | model: enterprise communications broker | scope: eq | version: pcz3.3

Trust: 1.0

vendor: oracle | model: peoplesoft enterprise peopletools | scope: eq | version: 8.59

Trust: 1.0

vendor: oracle | model: banking credit facilities process management | scope: eq | version: 14.3.0

Trust: 1.0

vendor: oracle | model: banking corporate lending process management | scope: eq | version: 14.5.0

Trust: 1.0

vendor: oracle | model: banking credit facilities process management | scope: eq | version: 14.2.0

Trust: 1.0

vendor: oracle | model: communications billing and revenue management | scope: eq | version: 7.5.0.23.0

Trust: 1.0

vendor: oracle | model: communications session border controller | scope: eq | version: cz8.4

Trust: 1.0

vendor: oracle | model: communications subscriber-aware load balancer | scope: eq | version: cz8.3

Trust: 1.0

vendor: oracle | model: communications cloud native core policy | scope: eq | version: 1.11.0

Trust: 1.0

vendor: oracle | model: primavera gateway | scope: gte | version: 18.8.0

Trust: 1.0

vendor: oracle | model: banking extensibility workbench | scope: eq | version: 14.5.0

Trust: 1.0

vendor: oracle | model: primavera gateway | scope: gte | version: 19.12.0

Trust: 1.0

vendor: lodash | model: lodash | scope: eq | version: 4.17.15

Trust: 0.8

sources: JVNDB: JVNDB-2020-008656 // NVD: CVE-2020-8203

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-8203
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-008656
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202007-1043
value: HIGH

Trust: 0.6

VULHUB: VHN-186328
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-8203
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-8203
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-008656
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-186328
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-8203
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-008656
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-186328 // VULMON: CVE-2020-8203 // JVNDB: JVNDB-2020-008656 // CNNVD: CNNVD-202007-1043 // NVD: CVE-2020-8203

PROBLEMTYPE DATA

problemtype:CWE-770

Trust: 1.9

problemtype:CWE-1321

Trust: 1.0

sources: VULHUB: VHN-186328 // JVNDB: JVNDB-2020-008656 // NVD: CVE-2020-8203

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-1043

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202007-1043

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-008656

PATCH

title: CVE-2020-8203 is not modified in /.internal/baseSet.js #4874 | url: https://github.com/lodash/lodash/issues/4874

Trust: 0.8

title: lodash Enter the fix for the verification error vulnerability | url: http://123.124.177.30/web/xxk/bdxqById.tag?id=124909

Trust: 0.6

title: Debian CVElist Bug Report Logs: node-lodash: CVE-2020-8203 | url: https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=e2a3a37cadf3658ad136a09d0edc4403

Trust: 0.1

title: Red Hat: Important: Red Hat Virtualization security, bug fix, and enhancement update | url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20205611 - Security Advisory

Trust: 0.1

title: Red Hat: Low: Red Hat Virtualization security, bug fix, and enhancement update | url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20205179 - Security Advisory

Trust: 0.1

title: Red Hat: Moderate: Red Hat Virtualization security, bug fix, and enhancement update | url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203807 - Security Advisory

Trust: 0.1

title: Red Hat: Moderate: Red Hat OpenShift Service Mesh security update | url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203369 - Security Advisory

Trust: 0.1

title: IBM: Security Bulletin: Security Vulnerabilities affect IBM Cloud Pak for Data – Node.js (CVE-2020-8203) | url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=0d7ed837a314c7bb63d61727a6cea7fa

Trust: 0.1

title: Red Hat: Moderate: OpenShift Container Platform 4.6.1 image security update | url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204298 - Security Advisory

Trust: 0.1

title: node-elm-compiler | url: https://github.com/rtfeldman/node-elm-compiler

Trust: 0.1

title: CloudGuard-ShiftLeft-CICD | url: https://github.com/chkp-dhouari/CloudGuard-ShiftLeft-CICD

Trust: 0.1

title: CloudGuard-ShiftLeft-CICD-mams | url: https://github.com/MamadouDemb/CloudGuard-ShiftLeft-CICD-mams

Trust: 0.1

title: shiftleft-cicd-demo | url: https://github.com/ecarbon277/shiftleft-cicd-demo

Trust: 0.1

title: - | url: https://github.com/p3sky/Cloudguard-Shifleft-CICD

Trust: 0.1

title: shiftleftv3 | url: https://github.com/puryersc/shiftleftv3

Trust: 0.1

title: shiftleftv2 | url: https://github.com/puryersc/shiftleftv2

Trust: 0.1

title: shiftleftv4 | url: https://github.com/puryersc/shiftleftv4

Trust: 0.1

title: Web-CTF-Cheatsheet | url: https://github.com/duckstroms/Web-CTF-Cheatsheet

Trust: 0.1

sources: VULMON: CVE-2020-8203 // JVNDB: JVNDB-2020-008656 // CNNVD: CNNVD-202007-1043

EXTERNAL IDS

db: NVD | id: CVE-2020-8203

Trust: 3.3

db: HACKERONE | id: 712065

Trust: 1.8

db: PACKETSTORM | id: 158797

Trust: 0.8

db: PACKETSTORM | id: 160589

Trust: 0.8

db: PACKETSTORM | id: 160209

Trust: 0.8

db: PACKETSTORM | id: 159275

Trust: 0.8

db: JVNDB | id: JVNDB-2020-008656

Trust: 0.8

db: CNNVD | id: CNNVD-202007-1043

Trust: 0.7

db: PACKETSTORM | id: 164555

Trust: 0.7

db: CS-HELP | id: SB2021072725

Trust: 0.6

db: CS-HELP | id: SB2021072145

Trust: 0.6

db: CS-HELP | id: SB2022041931

Trust: 0.6

db: CS-HELP | id: SB2021042310

Trust: 0.6

db: AUSCERT | id: ESB-2020.4460

Trust: 0.6

db: AUSCERT | id: ESB-2020.2715

Trust: 0.6

db: AUSCERT | id: ESB-2020.3700

Trust: 0.6

db: AUSCERT | id: ESB-2020.3255

Trust: 0.6

db: AUSCERT | id: ESB-2023.3143

Trust: 0.6

db: AUSCERT | id: ESB-2021.3472

Trust: 0.6

db: AUSCERT | id: ESB-2022.5150

Trust: 0.6

db: AUSCERT | id: ESB-2020.4180

Trust: 0.6

db: AUSCERT | id: ESB-2022.5790

Trust: 0.6

db: PACKETSTORM | id: 158796

Trust: 0.2

db: VULHUB | id: VHN-186328

Trust: 0.1

db: VULMON | id: CVE-2020-8203

Trust: 0.1

db: PACKETSTORM | id: 159727

Trust: 0.1

sources: VULHUB: VHN-186328 // VULMON: CVE-2020-8203 // JVNDB: JVNDB-2020-008656 // PACKETSTORM: 160589 // PACKETSTORM: 159727 // PACKETSTORM: 160209 // PACKETSTORM: 158797 // PACKETSTORM: 158796 // PACKETSTORM: 159275 // PACKETSTORM: 164555 // CNNVD: CNNVD-202007-1043 // NVD: CVE-2020-8203

CREDITS

Red Hat

Trust: 1.3

sources: PACKETSTORM: 160589 // PACKETSTORM: 159727 // PACKETSTORM: 160209 // PACKETSTORM: 158797 // PACKETSTORM: 158796 // PACKETSTORM: 159275 // PACKETSTORM: 164555 // CNNVD: CNNVD-202007-1043

SOURCES

db: VULHUB, id: VHN-186328
db: VULMON, id: CVE-2020-8203
db: JVNDB, id: JVNDB-2020-008656
db: PACKETSTORM, id: 160589
db: PACKETSTORM, id: 159727
db: PACKETSTORM, id: 160209
db: PACKETSTORM, id: 158797
db: PACKETSTORM, id: 158796
db: PACKETSTORM, id: 159275
db: PACKETSTORM, id: 164555
db: CNNVD, id: CNNVD-202007-1043
db: NVD, id: CVE-2020-8203

LAST UPDATE DATE

2024-08-14T12:20:35.102000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-186328, date: 2022-05-12T00:00:00
db: VULMON, id: CVE-2020-8203, date: 2022-05-12T00:00:00
db: JVNDB, id: JVNDB-2020-008656, date: 2020-09-18T00:00:00
db: CNNVD, id: CNNVD-202007-1043, date: 2023-06-05T00:00:00
db: NVD, id: CVE-2020-8203, date: 2024-01-21T02:37:13.193

SOURCES RELEASE DATE

db: VULHUB, id: VHN-186328, date: 2020-07-15T00:00:00
db: VULMON, id: CVE-2020-8203, date: 2020-07-15T00:00:00
db: JVNDB, id: JVNDB-2020-008656, date: 2020-09-18T00:00:00
db: PACKETSTORM, id: 160589, date: 2020-12-17T17:36:24
db: PACKETSTORM, id: 159727, date: 2020-10-27T16:59:02
db: PACKETSTORM, id: 160209, date: 2020-11-24T15:30:15
db: PACKETSTORM, id: 158797, date: 2020-08-07T18:27:30
db: PACKETSTORM, id: 158796, date: 2020-08-07T18:27:14
db: PACKETSTORM, id: 159275, date: 2020-09-24T00:30:36
db: PACKETSTORM, id: 164555, date: 2021-10-19T15:32:20
db: CNNVD, id: CNNVD-202007-1043, date: 2020-07-15T00:00:00
db: NVD, id: CVE-2020-8203, date: 2020-07-15T17:15:11.797