ID

VAR-202203-1400


CVE

CVE-2020-36518


TITLE

Red Hat Security Advisory 2022-6407-01

Trust: 0.1

sources: PACKETSTORM: 168333

DESCRIPTION

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. Description: Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Description: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es): * h2: Loading of custom classes from remote servers through JNDI (CVE-2022-23221) * jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518) * netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136) * netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137) * h2: Remote Code Execution in Console (CVE-2021-42392) * netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797) * xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084) * wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866) * undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319) * OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299) * mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363) * xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437) * artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913) * Moment.js: Path traversal in moment.locale (CVE-2022-24785) * jboss-client: memory leakage in remote client transaction (CVE-2022-0853) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution: Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling 2039403 - CVE-2021-42392 h2: Remote Code Execution in Console 2041472 - CVE-2022-21299 OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) 2044596 - CVE-2022-23221 h2: Loading of custom classes from remote servers through JNDI 2047200 - CVE-2022-23437 xerces-j2: infinite loop when handling specially crafted XML document payloads 2047343 - CVE-2022-21363 mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors 2060725 - CVE-2022-0853 jboss-client: memory leakage in remote client transaction 2060929 - CVE-2022-0866 wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled 2063601 - CVE-2022-23913 artemis-commons: Apache ActiveMQ Artemis DoS 2064226 - CVE-2022-0084 xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr 2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects 2072009 - CVE-2022-24785 Moment.js: Path traversal in moment.locale 2073890 - CVE-2022-1319 undertow: Double AJP response for 400 from EAP 7 results in CPING failures 6. JIRA issues fixed (https://issues.jboss.org/): JBEAP-23121 - Tracker bug for the EAP 7.4.5 release for RHEL-8 JBEAP-23171 - (7.4.z) Upgrade HAL from 3.3.9.Final-redhat-00001 to 3.3.12.Final-redhat-00001 JBEAP-23194 - Upgrade hibernate-validator from 6.0.22.Final-redhat-00002 to 6.0.23-redhat-00001 JBEAP-23241 - [GSS](7.4.z) Upgrade jberet from 1.3.9 to 1.3.9.SP1 JBEAP-23299 - (7.4.z) Upgrade Artemis from 2.16.0.redhat-00034 to 2.16.0.redhat-00042 JBEAP-23300 - [GSS](7.4.z) Upgrade JBoss Remoting from 5.0.23.SP1 to 5.0.24.SP1 JBEAP-23312 - (7.4.z) Upgrade WildFly Core from 15.0.8.Final-redhat-00001 to 15.0.12.Final-redhat-00001 JBEAP-23313 - (7.4.z) Upgrade Elytron from 1.15.11.Final-redhat-00002 to 1.15.12.Final-redhat-00001 JBEAP-23336 - (7.4.z) Upgrade Hibernate ORM from 5.3.25.Final-redhat-00002 to 5.3.26.Final-redhat-00002 JBEAP-23338 - [GSS](7.4.z) Upgrade Undertow from 2.2.16 to 2.2.17.SP3 JBEAP-23339 - [GSS](7.4.z) Upgrade wildfly-http-ejb-client from 1.1.10 to 1.1.11.SP1 JBEAP-23351 - (7.4.z) Upgrade org.apache.logging.log4j from 2.17.1.redhat-00001 to 2.17.1.redhat-00002 JBEAP-23353 - (7.4.z) Upgrade wildfly-transaction-client from 1.1.14.Final-redhat-00001 to 1.1.15.Final-redhat-x JBEAP-23429 - [PM](7.4.z) JDK17 Update Tested Configurations page and make note in Update release notes JBEAP-23432 - [GSS](7.4.z) Upgrade JSF API from 3.0.0.SP04 to 3.0.0.SP05 JBEAP-23451 - [PST] (7.4.z) Upgrade to FasterXML Jackson to 2.12.6.redhat-00001 and Jackson Databind to 2.12.6.1.redhat-00003 JBEAP-23531 - [GSS](7.4.z) Upgrade Undertow from 2.2.17.SP3 to 2.2.17.SP4 JBEAP-23532 - (7.4.z) Upgrade WildFly Core from 15.0.12.Final-redhat-00001 to 15.0.13.Final-redhat-00001 7. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 8. Description: Logging Subsystem 5.6.0 - Red Hat OpenShift * logging-view-plugin-container: loader-utils: prototype pollution in function parseQuery in parseQuery.js (CVE-2022-37601) * logging-elasticsearch6-container: jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518) * logging-loki-container: various flaws (CVE-2022-2879 CVE-2022-2880 CVE-2022-41715) * logging-loki-container: golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664) * golang: net/url: JoinPath does not strip relative path components in all circumstances (CVE-2022-32190) * org.elasticsearch-elasticsearch: jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003) * org.elasticsearch-elasticsearch: jackson-databind: use of deeply nested arrays (CVE-2022-42004) 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects 2124668 - CVE-2022-32190 golang: net/url: JoinPath does not strip relative path components in all circumstances 2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY 2132867 - CVE-2022-2879 golang: archive/tar: unbounded memory consumption when reading headers 2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters 2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps 2134876 - CVE-2022-37601 loader-utils: prototype pollution in function parseQuery in parseQuery.js 2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS 2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays 5. JIRA issues fixed (https://issues.jboss.org/): LOG-2217 - [Vector] Loss of logs when using Vector as collector. LOG-2620 - containers violate PodSecurity -- Core LOG-2819 - the `.level` field they are getting the "ERROR" but in `.structure.level` field they are getting "INFO" LOG-2822 - Evaluating rule failure in LokiRuler pods for Alerting and recording rules LOG-2843 - tls.key and tls.cert not in fluentd real configuration when forwarding logs using syslog tls LOG-2919 - CLO is constantly failing to create already existing logging objects (HTTP 409) LOG-2962 - Add the `version` file to Must-Gather archive LOG-2993 - consoleexternalloglinks.console.openshift.io/kibana should be removed once Kibana is deleted LOG-3072 - Non-admin user with 'view' role can't see any logs in 'Logs' view LOG-3090 - Custom outputs defined in ClusterLogForwarder overwritten when using LokiStack as default log storage LOG-3129 - Kibana Authentication Exception cookie issue LOG-3157 - Resources associated with collector / fluentd keep on getting recreated LOG-3161 - the content of secret elasticsearch-metrics-token is recreated continually LOG-3168 - Ruler pod throwing 'failed loading deletes for user' error after alerting/recording rules are created LOG-3169 - Unable to install Loki operator from upstream repo on OCP 4.12 LOG-3180 - fluentd plugin for kafka ca-bundle secret doesn't support multiple CAs LOG-3186 - [Loki] unable to determine tls profile settings when creating a LokiStack instance with custom global tlsSecurityProfile config LOG-3194 - Collector pod violates PodSecurity "restricted:v1.24" when using lokistack as the default log store in OCP 4.12. LOG-3195 - [Vector] logs parsed into structured when json is set without structured types. LOG-3208 - must-gather is empty for logging with CLO image LOG-3224 - Can't forward logs to non-clusterlogging managed ES using vector. LOG-3235 - cluster-logging.5.5.3 failing to deploy on ROSA LOG-3286 - LokiStack doesn't reconcile to use the changed tlsSecurityProfile set in the global config. LOG-3292 - Loki Controller manager in CrashLoop due to failure to list *v1.Proxy LOG-3296 - Cannot use default Replication Factor for shirt size LOG-3309 - Can't choose correct CA ConfigMap Key when creating lokistack in Console LOG-3324 - [vector] the key_pass should be text in vector.toml when forward log to splunk LOG-3331 - [release-5.6] Reconcile error on controller when creating LokiStack with tls config LOG-3446 - [must-gather] oc adm must-gather execution hangs indefinitely when collecting information for Cluster Logging. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat Data Grid 8.3.1 security update Advisory ID: RHSA-2022:2232-01 Product: Red Hat JBoss Data Grid Advisory URL: https://access.redhat.com/errata/RHSA-2022:2232 Issue date: 2022-05-12 CVE Names: CVE-2020-36518 CVE-2021-38153 CVE-2022-0084 ===================================================================== 1. Summary: An update for Red Hat Data Grid is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale. Data Grid 8.3.1 replaces Data Grid 8.3.0 and includes bug fixes and enhancements. Find out more about Data Grid 8.3.1 in the Release Notes[3]. Security Fix(es): * jackson-databind: denial of service via a large depth of nested objects [jdg-8] (CVE-2020-36518) * kafka-clients: Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients [jdg-8] (CVE-2021-38153) * xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr [jdg-8] (CVE-2022-0084) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: To install this update, do the following: 1. Download the Data Grid 8.3.1 Server patch from the customer portal[²]. 2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on. 3. Install the Data Grid 8.3.1 Server patch. 4. Restart Data Grid to ensure the changes take effect. For more information about Data Grid 8.3.1, refer to the 8.3.1 Release Notes[³] 4. Bugs fixed (https://bugzilla.redhat.com/): 2009041 - CVE-2021-38153 Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients 2064226 - CVE-2022-0084 xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr 2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects 5. References: https://access.redhat.com/security/cve/CVE-2020-36518 https://access.redhat.com/security/cve/CVE-2021-38153 https://access.redhat.com/security/cve/CVE-2022-0084 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid&downloadType=securityPatches&version=8.3 https://access.redhat.com/documentation/en-us/red_hat_data_grid/8.3/html-single/red_hat_data_grid_8.3_release_notes/index 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYn0zH9zjgjWX9erEAQhZLw/+JPEE+waFwwS+b4v4/LLIwTjtFhXPqZYP WArn7i/vjG6ktOsZU397wdlik4Sv+tmPVX+aElmXLnTALJiOsm7iWjEjuT8qPhqt c2V9xN6vEQC7V1IXdwbUQwlkt3r40XbfhsGc4KKHjA8J5fWECwkByM5ofQ4j59jO lxpIPa5yRjCV8/4p7lKAXFYMeBInZtb8i4c7pYVnA9Eq+o2bRpV9P3/ES9q8xGF8 yVBC1Gt/fDZlmDznxlzUEih4HMxmW1uwQhZFHbw6jp6D0bYCn1wWrC6y7FYUmRJ6 /13BnHV27naz+xBGuSA6EB+AKmzlA85NyIimN2h63AT8VJb2IYv0vM2JMb0JRdK0 8SAE6hYmjodKxVcqANsBRiiea3vR9GTLN71zCXP8Pmk0dsI1GK29s574QuxUpKSQ YY8vXaL0K3j35IsGzmr7AvlYCQr1d3GPFaTnnj3XK+asRDMDrFvw8sCsNjLGRgHI dzZdcjpnIi3DXsp3ic1qRbZHpd9C/3o1r7hU++/nkkNNKXjGmzU+EAutaVHXxgLO XyuIIScDVb5kNrBpH5krzqU2TA31TFz0RGN5Am6vm8zc5rGyW7iMijAAreU8icgn Vt6KDpeDYuTffOBgo9WLR7kmo4xq7w94e1rDFxmGhL2OlsJI7S9gTxMhn/lONxTy IZnZKy4mPpA= =6Kqs -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description: Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. The References section of this erratum contains a download link (you must log in to download the update). JIRA issues fixed (https://issues.jboss.org/): ENTMQST-4107 - [KAFKA] MM2 connector task stopped and didn?t result in failed state ENTMQST-4541 - [PROD] Create RHSA erratum for Streams 2.4.0 6. 9) - noarch 3. Description: Jackson is a suite of data-processing tools for Java, including the flagship streaming JSON parser / generator library, matching data-binding library, and additional modules to process data encoded in various other data formats. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Installation instructions are available from the Fuse 7.11.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/ 4

Trust: 1.8

sources: NVD: CVE-2020-36518 // VULHUB: VHN-415522 // PACKETSTORM: 168333 // PACKETSTORM: 168621 // PACKETSTORM: 167424 // PACKETSTORM: 170602 // PACKETSTORM: 169727 // PACKETSTORM: 167157 // PACKETSTORM: 172453 // PACKETSTORM: 172220 // PACKETSTORM: 167841

AFFECTED PRODUCTS

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:gteversion:19.12.0

Trust: 1.0

vendor:oraclemodel:communications cloud native core network slice selection functionscope:eqversion:22.1.1

Trust: 1.0

vendor:oraclemodel:utilities frameworkscope:eqversion:4.4.0.0.0

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:gteversion:18.8.0

Trust: 1.0

vendor:fasterxmlmodel:jackson-databindscope:gteversion:2.13.0

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:lteversion:17.12

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:gteversion:18.8.0.0

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:lteversion:20.12.18

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:lteversion:17.12.20.4

Trust: 1.0

vendor:oraclemodel:financial services enterprise case managementscope:lteversion:8.1.2.1

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:gteversion:17.0

Trust: 1.0

vendor:oraclemodel:financial services behavior detection platformscope:gteversion:8.1.1.0

Trust: 1.0

vendor:oraclemodel:commerce platformscope:eqversion:11.3.0

Trust: 1.0

vendor:oraclemodel:coherencescope:eqversion:14.1.1.0.0

Trust: 1.0

vendor:fasterxmlmodel:jackson-databindscope:ltversion:2.12.6.1

Trust: 1.0

vendor:oraclemodel:sd-wan edgescope:eqversion:9.0

Trust: 1.0

vendor:oraclemodel:weblogic serverscope:eqversion:12.2.1.3.0

Trust: 1.0

vendor:oraclemodel:financial services analytical applications infrastructurescope:eqversion:8.1.2.0

Trust: 1.0

vendor:oraclemodel:communications billing and revenue managementscope:lteversion:12.0.0.6.0

Trust: 1.0

vendor:oraclemodel:communications cloud native core service communication proxyscope:eqversion:22.2.0

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:gteversion:19.12.0

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:eqversion:21.12

Trust: 1.0

vendor:oraclemodel:financial services enterprise case managementscope:eqversion:8.0.7.2

Trust: 1.0

vendor:oraclemodel:utilities frameworkscope:eqversion:4.3.0.6.0

Trust: 1.0

vendor:oraclemodel:financial services enterprise case managementscope:eqversion:8.0.7.1

Trust: 1.0

vendor:oraclemodel:financial services analytical applications infrastructurescope:eqversion:8.1.2.1

Trust: 1.0

vendor:oraclemodel:big data spatial and graphscope:ltversion:23.1

Trust: 1.0

vendor:oraclemodel:weblogic serverscope:eqversion:14.1.1.0.0

Trust: 1.0

vendor:netappmodel:active iq unified managerscope:eqversion: -

Trust: 1.0

vendor:netappmodel:oncommand insightscope:eqversion: -

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:11.0

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:gteversion:17.12.0.0

Trust: 1.0

vendor:oraclemodel:financial services trade-based anti money launderingscope:eqversion:8.0.7

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:lteversion:17.12.11

Trust: 1.0

vendor:oraclemodel:financial services analytical applications infrastructurescope:lteversion:8.1.0.0

Trust: 1.0

vendor:oraclemodel:communications cloud native core consolescope:eqversion:1.9.0

Trust: 1.0

vendor:oraclemodel:financial services analytical applications infrastructurescope:eqversion:8.1.1.0

Trust: 1.0

vendor:netappmodel:cloud insights acquisition unitscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:eqversion:20.12

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:gteversion:20.12.0.0

Trust: 1.0

vendor:oraclemodel:financial services behavior detection platformscope:eqversion:8.0.7.0.0

Trust: 1.0

vendor:oraclemodel:communications billing and revenue managementscope:gteversion:12.0.0.4.0

Trust: 1.0

vendor:oraclemodel:global lifecycle management opatchscope:ltversion:12.2.0.1.30

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.58

Trust: 1.0

vendor:oraclemodel:utilities frameworkscope:eqversion:4.4.0.3.0

Trust: 1.0

vendor:oraclemodel:financial services enterprise case managementscope:gteversion:8.1.1.0

Trust: 1.0

vendor:oraclemodel:spatial studioscope:ltversion:20.1.0

Trust: 1.0

vendor:oraclemodel:global lifecycle management nextgen oui frameworkscope:ltversion:13.9.4.2.2

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.59

Trust: 1.0

vendor:oraclemodel:communications cloud native core binding support functionscope:eqversion:22.1.3

Trust: 1.0

vendor:oraclemodel:communications cloud native core network repository functionscope:eqversion:22.2.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:oraclemodel:communications cloud native core network slice selection functionscope:eqversion:22.1.0

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:eqversion:18.0

Trust: 1.0

vendor:oraclemodel:graph server and clientscope:ltversion:22.2.0

Trust: 1.0

vendor:oraclemodel:retail sales auditscope:eqversion:15.0.3.1

Trust: 1.0

vendor:oraclemodel:financial services enterprise case managementscope:eqversion:8.0.8.1

Trust: 1.0

vendor:oraclemodel:commerce platformscope:eqversion:11.3.2

Trust: 1.0

vendor:oraclemodel:health sciences empirica signalscope:eqversion:9.1.0.5.2

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:lteversion:19.12.13

Trust: 1.0

vendor:netappmodel:oncommand workflow automationscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:utilities frameworkscope:eqversion:4.4.0.2.0

Trust: 1.0

vendor:oraclemodel:financial services behavior detection platformscope:eqversion:8.0.8

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:lteversion:21.12.1

Trust: 1.0

vendor:oraclemodel:global lifecycle management nextgen oui frameworkscope:eqversion:13.9.4.2.2

Trust: 1.0

vendor:oraclemodel:financial services analytical applications infrastructurescope:gteversion:8.0.7

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:oraclemodel:sd-wan edgescope:eqversion:9.1

Trust: 1.0

vendor:oraclemodel:financial services crime and compliance management studioscope:eqversion:8.0.8.3.0

Trust: 1.0

vendor:oraclemodel:communications cloud native core security edge protection proxyscope:eqversion:22.1.1

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:lteversion:18.8.14

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:lteversion:18.8.25.4

Trust: 1.0

vendor:oraclemodel:financial services crime and compliance management studioscope:eqversion:8.0.8.2.0

Trust: 1.0

vendor:oraclemodel:communications cloud native core unified data repositoryscope:eqversion:22.2.0

Trust: 1.0

vendor:oraclemodel:financial services behavior detection platformscope:lteversion:8.1.2.1

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:gteversion:21.12.0

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:gteversion:17.12.0

Trust: 1.0

vendor:fasterxmlmodel:jackson-databindscope:ltversion:2.13.2.1

Trust: 1.0

vendor:oraclemodel:financial services enterprise case managementscope:eqversion:8.0.8.0

Trust: 1.0

vendor:netappmodel:snap creator frameworkscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:communications cloud native core network repository functionscope:eqversion:22.1.2

Trust: 1.0

vendor:oraclemodel:commerce platformscope:eqversion:11.3.1

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:lteversion:19.12.19.0

Trust: 1.0

vendor:oraclemodel:weblogic serverscope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:oraclemodel:primavera gatewayscope:gteversion:20.12.0

Trust: 1.0

vendor:oraclemodel:financial services trade-based anti money launderingscope:eqversion:8.0.8

Trust: 1.0

vendor:oraclemodel:utilities frameworkscope:eqversion:4.3.0.5.0

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:eqversion:19.12

Trust: 1.0

vendor:oraclemodel:primavera p6 enterprise project portfolio managementscope:lteversion:21.12.4.0

Trust: 1.0

vendor:oraclemodel:utilities frameworkscope:eqversion:4.4.0.5.0

Trust: 1.0

sources: NVD: CVE-2020-36518

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-36518
value: HIGH

Trust: 1.0

VULHUB: VHN-415522
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-36518
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-415522
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-36518
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-415522 // NVD: CVE-2020-36518

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

sources: VULHUB: VHN-415522 // NVD: CVE-2020-36518

TYPE

code execution, xss

Trust: 0.2

sources: PACKETSTORM: 168621 // PACKETSTORM: 169727

EXPLOIT AVAILABILITY

[
  {
    "type": "unknown",
    "reference": "https://www.scap.org.cn/vuln/vhn-415522",
    "trust": 0.1
  }
]

sources: VULHUB: VHN-415522

EXTERNAL IDS

db:NVDid:CVE-2020-36518

Trust: 2.0

db:PACKETSTORMid:170602

Trust: 0.2

db:PACKETSTORMid:168333

Trust: 0.2

db:PACKETSTORMid:167841

Trust: 0.2

db:PACKETSTORMid:169727

Trust: 0.2

db:PACKETSTORMid:167157

Trust: 0.2

db:PACKETSTORMid:167424

Trust: 0.2

db:PACKETSTORMid:168646

Trust: 0.1

db:PACKETSTORMid:169920

Trust: 0.1

db:PACKETSTORMid:170179

Trust: 0.1

db:PACKETSTORMid:169728

Trust: 0.1

db:PACKETSTORMid:167842

Trust: 0.1

db:PACKETSTORMid:169725

Trust: 0.1

db:PACKETSTORMid:170162

Trust: 0.1

db:PACKETSTORMid:167579

Trust: 0.1

db:PACKETSTORMid:169926

Trust: 0.1

db:PACKETSTORMid:169729

Trust: 0.1

db:PACKETSTORMid:167422

Trust: 0.1

db:PACKETSTORMid:168631

Trust: 0.1

db:PACKETSTORMid:167423

Trust: 0.1

db:PACKETSTORMid:167523

Trust: 0.1

db:VULHUBid:VHN-415522

Trust: 0.1

db:PACKETSTORMid:168621

Trust: 0.1

db:PACKETSTORMid:172453

Trust: 0.1

db:PACKETSTORMid:172220

Trust: 0.1

sources: VULHUB: VHN-415522 // PACKETSTORM: 168333 // PACKETSTORM: 168621 // PACKETSTORM: 167424 // PACKETSTORM: 170602 // PACKETSTORM: 169727 // PACKETSTORM: 167157 // PACKETSTORM: 172453 // PACKETSTORM: 172220 // PACKETSTORM: 167841 // NVD: CVE-2020-36518

REFERENCES

url:https://security.netapp.com/advisory/ntap-20220506-0004/

Trust: 1.1

url:https://www.debian.org/security/2022/dsa-5283

Trust: 1.1

url:https://github.com/fasterxml/jackson-databind/issues/2816

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpujul2022.html

Trust: 1.1

url:https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html

Trust: 1.1

url:https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html

Trust: 1.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36518

Trust: 0.9

url:https://access.redhat.com/security/team/contact/

Trust: 0.9

url:https://access.redhat.com/security/cve/cve-2020-36518

Trust: 0.9

url:https://bugzilla.redhat.com/):

Trust: 0.9

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.9

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.7

url:https://access.redhat.com/articles/11258

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-0084

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-0084

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-43797

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-38153

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-0866

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-42392

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-0866

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-43797

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-42392

Trust: 0.3

url:https://access.redhat.com/security/team/key/

Trust: 0.3

url:https://issues.jboss.org/):

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-3629

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-38153

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-40690

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-2471

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-2471

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-0225

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-2668

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-2668

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-0225

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-37137

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-37137

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-37136

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-1319

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-37136

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-23221

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-23913

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-21363

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-42003

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-42004

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-42004

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-42003

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-22137

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-27223

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9492

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22132

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28164

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28165

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-28165

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28163

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22132

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-28164

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20289

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:6407

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-37714

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3629

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3520

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3520

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-28163

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20289

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-37714

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27223

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=red.hat.integration&version=2022-q3

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22137

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_integration/2022.q3

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9492

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2256

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:6783

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2256

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23437

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24785

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21299

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21299

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23913

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23221

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-24785

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1319

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:4919

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21363

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0853

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23437

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0853

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-41715

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2880

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2880

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-27664

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2879

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-27664

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-41715

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-37601

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:0264

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2879

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-32190

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-37601

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32190

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.rhsso&downloadtype=securitypatches&version=7.6

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:7417

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=data.grid&downloadtype=securitypatches&version=8.3

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_data_grid/8.3/html-single/red_hat_data_grid_8.3_release_notes/index

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:2232

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-46877

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-40149

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.amq.streams&version=2.4.0

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-0341

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-24823

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-40150

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-40149

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:3223

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-36944

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-1370

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-46877

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-36944

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-40150

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24823

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-0833

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-0833

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2023-1370

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-0341

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:2312

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-29582

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-25122

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25845

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22060

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22573

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-25122

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26336

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22119

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-24122

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22569

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22970

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.fuse&version=7.11.0

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-7020

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22119

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-35517

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-35516

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33813

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21724

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22950

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22932

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-30126

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22978

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33037

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-25329

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-42340

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3642

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3859

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30640

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4178

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22971

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22096

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3807

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-41079

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15250

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23181

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-15250

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22096

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22976

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22573

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-7020

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22968

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24614

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25689

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22569

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23596

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25689

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-24122

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36090

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22060

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9484

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-43859

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26520

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-42550

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9484

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-41766

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29505

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-29582

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1259

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-35515

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:5532

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3644

Trust: 0.1

sources: VULHUB: VHN-415522 // PACKETSTORM: 168333 // PACKETSTORM: 168621 // PACKETSTORM: 167424 // PACKETSTORM: 170602 // PACKETSTORM: 169727 // PACKETSTORM: 167157 // PACKETSTORM: 172453 // PACKETSTORM: 172220 // PACKETSTORM: 167841 // NVD: CVE-2020-36518

CREDITS

Red Hat

Trust: 0.9

sources: PACKETSTORM: 168333 // PACKETSTORM: 168621 // PACKETSTORM: 167424 // PACKETSTORM: 170602 // PACKETSTORM: 169727 // PACKETSTORM: 167157 // PACKETSTORM: 172453 // PACKETSTORM: 172220 // PACKETSTORM: 167841

SOURCES

db:VULHUBid:VHN-415522
db:PACKETSTORMid:168333
db:PACKETSTORMid:168621
db:PACKETSTORMid:167424
db:PACKETSTORMid:170602
db:PACKETSTORMid:169727
db:PACKETSTORMid:167157
db:PACKETSTORMid:172453
db:PACKETSTORMid:172220
db:PACKETSTORMid:167841
db:NVDid:CVE-2020-36518

LAST UPDATE DATE

2025-05-27T21:17:20.711000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-415522date:2022-11-29T00:00:00
db:NVDid:CVE-2020-36518date:2022-11-29T22:12:38.183

SOURCES RELEASE DATE

db:VULHUBid:VHN-415522date:2022-03-11T00:00:00
db:PACKETSTORMid:168333date:2022-09-09T16:15:16
db:PACKETSTORMid:168621date:2022-10-05T14:25:53
db:PACKETSTORMid:167424date:2022-06-07T15:15:05
db:PACKETSTORMid:170602date:2023-01-20T15:25:30
db:PACKETSTORMid:169727date:2022-11-04T13:43:44
db:PACKETSTORMid:167157date:2022-05-12T16:34:47
db:PACKETSTORMid:172453date:2023-05-18T13:50:51
db:PACKETSTORMid:172220date:2023-05-09T15:20:56
db:PACKETSTORMid:167841date:2022-07-27T17:27:19
db:NVDid:CVE-2020-36518date:2022-03-11T07:15:07.800