CVE-2020-28052

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2020-28052
An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.

8.1 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
https://github.com/bcgit/bc-java/wiki/CVE-2020-28052 Mitigation Patch Third Party Advisory
https://lists.apache.org/thread.html/r167dbc42ef7c59802c2ca1ac14735ef9cf687c25208229993d6206fe%40%3Cissues.karaf.apache.org%3E
https://lists.apache.org/thread.html/r175f5a25d100dbe2b1bd3459b3ce882a84c3ff91b120ed4ff2d57b53%40%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r25d53acd06f29244b8a103781b0339c5e7efee9099a4d52f0c230e4a%40%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/r2ddabd06d94b60cfb0141e4abb23201c628ab925e30742f61a04d013%40%3Cissues.karaf.apache.org%3E
https://lists.apache.org/thread.html/r30a139c165b3da6e0d5536434ab1550534011b1fdfcd2f5d95892c5b%40%3Cissues.karaf.apache.org%3E
https://lists.apache.org/thread.html/r37d332c0bf772f4982d1fdeeb2f88dd71dab6451213e69e43734eadc%40%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r4e1619cfefcd031fac62064a3858f5c9229eef907bd5d8ef14c594fc%40%3Cissues.karaf.apache.org%3E
https://lists.apache.org/thread.html/r77af3ac7c3bfbd5454546e13faf7aec21d627bdcf36c9ca240436b94%40%3Cissues.karaf.apache.org%3E
https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e%40%3Cissues.solr.apache.org%3E
https://lists.apache.org/thread.html/r954d80fd18e9dafef6e813963eb7e08c228151c2b6268ecd63b35d1f%40%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/rc9e441c1576bdc4375d32526d5cf457226928e9c87b9f54ded26271c%40%3Cissues.karaf.apache.org%3E
https://lists.apache.org/thread.html/rcd37d9214b08067a2e8f2b5b4fd123a1f8cb6008698d11ef44028c21%40%3Cissues.karaf.apache.org%3E
https://lists.apache.org/thread.html/rdcbad6d8ce72c79827ed8c635f9a62dd919bb21c94a0b64cab2efc31%40%3Cissues.karaf.apache.org%3E
https://lists.apache.org/thread.html/rddd2237b8636a48d573869006ee809262525efb2b6ffa6eff50d2a2d%40%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/rdfd2901b8b697a3f6e2c9c6ecc688fd90d7f881937affb5144d61d6e%40%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/rf9abfc0223747a56694825c050cc6b66627a293a32ea926b3de22402%40%3Cissues.karaf.apache.org%3E
https://lists.apache.org/thread.html/rfc0db1f3c375087e69a239f9284ded72d04fbb55849eadde58fa9dc2%40%3Cissues.karaf.apache.org%3E
https://www.bouncycastle.org/releasenotes.html Release Notes Vendor Advisory
https://www.oracle.com//security-alerts/cpujul2021.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html Patch Third Party Advisory
https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle/ Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.65:*:*:*:*:*:*:*
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.66:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:apache:karaf:4.3.2:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_extensibility_workbench:14.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_extensibility_workbench:14.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_extensibility_workbench:14.5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_supply_chain_finance:14.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_supply_chain_finance:14.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_supply_chain_finance:14.5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_application_session_controller:3.9m0p3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_convergence:3.0.2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_framework:4.3.0.6.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:o:oracle:communications_messaging_server:8.0.2:*:*:*:*:*:*:*
cpe:2.3:o:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*
History

07 Nov 2023, 03:21

Type Values Removed Values Added
References
  • {'url': 'https://lists.apache.org/thread.html/rdcbad6d8ce72c79827ed8c635f9a62dd919bb21c94a0b64cab2efc31@%3Cissues.karaf.apache.org%3E', 'name': '[karaf-issues] 20210810 [jira] [Created] (KARAF-7240) Upgrade bcprov artifacts to mitigate CVE-2020-28052', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/r2ddabd06d94b60cfb0141e4abb23201c628ab925e30742f61a04d013@%3Cissues.karaf.apache.org%3E', 'name': '[karaf-issues] 20210817 [jira] [Updated] (KARAF-7240) Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/rddd2237b8636a48d573869006ee809262525efb2b6ffa6eff50d2a2d@%3Cjira.kafka.apache.org%3E', 'name': '[kafka-jira] 20210107 [GitHub] [kafka] cyrusv opened a new pull request #9845: MINOR: Bump Bouncy Castle Dep to resolve CVE-2020-28052', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/rf9abfc0223747a56694825c050cc6b66627a293a32ea926b3de22402@%3Cissues.karaf.apache.org%3E', 'name': '[karaf-issues] 20210824 [jira] [Commented] (KARAF-7240) Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/r167dbc42ef7c59802c2ca1ac14735ef9cf687c25208229993d6206fe@%3Cissues.karaf.apache.org%3E', 'name': '[karaf-issues] 20210816 [jira] [Updated] (KARAF-7240) Upgrade bcprov 1.69 artifacts to mitigate CVE-2020-28052', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/rdfd2901b8b697a3f6e2c9c6ecc688fd90d7f881937affb5144d61d6e@%3Ccommits.druid.apache.org%3E', 'name': '[druid-commits] 20210127 [druid] 01/02: Update deps for CVE-2020-28168 and CVE-2020-28052 (#10733)', 'tags': ['Mailing List', 'Patch', 'Third Party Advisory'], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/r77af3ac7c3bfbd5454546e13faf7aec21d627bdcf36c9ca240436b94@%3Cissues.karaf.apache.org%3E', 'name': '[karaf-issues] 20210810 [jira] [Commented] (KARAF-7240) Upgrade bcprov artifacts to mitigate CVE-2020-28052', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/rc9e441c1576bdc4375d32526d5cf457226928e9c87b9f54ded26271c@%3Cissues.karaf.apache.org%3E', 'name': '[karaf-issues] 20210824 [jira] [Resolved] (KARAF-7240) Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/r25d53acd06f29244b8a103781b0339c5e7efee9099a4d52f0c230e4a@%3Ccommits.druid.apache.org%3E', 'name': '[druid-commits] 20210107 [GitHub] [druid] clintropolis merged pull request #10733: Update deps for CVE-2020-28168 and CVE-2020-28052', 'tags': ['Mailing List', 'Patch', 'Third Party Advisory'], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/r30a139c165b3da6e0d5536434ab1550534011b1fdfcd2f5d95892c5b@%3Cissues.karaf.apache.org%3E', 'name': '[karaf-issues] 20210820 [jira] [Updated] (KARAF-7240) Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/r37d332c0bf772f4982d1fdeeb2f88dd71dab6451213e69e43734eadc@%3Ccommits.pulsar.apache.org%3E', 'name': '[pulsar-commits] 20210406 [GitHub] [pulsar] lhotari commented on issue #9235: Upgrade Bounce Castle dependency on client to solve CVE-2020-28052', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/r954d80fd18e9dafef6e813963eb7e08c228151c2b6268ecd63b35d1f@%3Ccommits.druid.apache.org%3E', 'name': '[druid-commits] 20210107 [GitHub] [druid] jon-wei opened a new pull request #10733: Update deps for CVE-2020-28168 and CVE-2020-28052', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/rcd37d9214b08067a2e8f2b5b4fd123a1f8cb6008698d11ef44028c21@%3Cissues.karaf.apache.org%3E', 'name': '[karaf-issues] 20210816 [jira] [Updated] (KARAF-7240) Upgrade bcprov artifacts to mitigate CVE-2020-28052', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e@%3Cissues.solr.apache.org%3E', 'name': '[solr-issues] 20210525 [jira] [Created] (SOLR-15431) Security vulnerability with Bouncy Castle library within Apache Solr 8.8.2', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/rfc0db1f3c375087e69a239f9284ded72d04fbb55849eadde58fa9dc2@%3Cissues.karaf.apache.org%3E', 'name': '[karaf-issues] 20210810 [jira] [Updated] (KARAF-7240) Upgrade bcprov artifacts to mitigate CVE-2020-28052', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/r175f5a25d100dbe2b1bd3459b3ce882a84c3ff91b120ed4ff2d57b53@%3Ccommits.pulsar.apache.org%3E', 'name': '[pulsar-commits] 20210119 [GitHub] [pulsar] fmiguelez opened a new issue #9235: Upgrade Bounce Castle dependency on client to solve CVE-2020-28052', 'tags': ['Mailing List', 'Patch', 'Third Party Advisory'], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/r4e1619cfefcd031fac62064a3858f5c9229eef907bd5d8ef14c594fc@%3Cissues.karaf.apache.org%3E', 'name': '[karaf-issues] 20210817 [jira] [Commented] (KARAF-7240) Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052', 'tags': ['Mailing List', 'Patch', 'Third Party Advisory'], 'refsource': 'MLIST'}
  • () https://lists.apache.org/thread.html/rc9e441c1576bdc4375d32526d5cf457226928e9c87b9f54ded26271c%40%3Cissues.karaf.apache.org%3E -
  • () https://lists.apache.org/thread.html/r77af3ac7c3bfbd5454546e13faf7aec21d627bdcf36c9ca240436b94%40%3Cissues.karaf.apache.org%3E -
  • () https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e%40%3Cissues.solr.apache.org%3E -
  • () https://lists.apache.org/thread.html/r954d80fd18e9dafef6e813963eb7e08c228151c2b6268ecd63b35d1f%40%3Ccommits.druid.apache.org%3E -
  • () https://lists.apache.org/thread.html/r4e1619cfefcd031fac62064a3858f5c9229eef907bd5d8ef14c594fc%40%3Cissues.karaf.apache.org%3E -
  • () https://lists.apache.org/thread.html/rfc0db1f3c375087e69a239f9284ded72d04fbb55849eadde58fa9dc2%40%3Cissues.karaf.apache.org%3E -
  • () https://lists.apache.org/thread.html/r175f5a25d100dbe2b1bd3459b3ce882a84c3ff91b120ed4ff2d57b53%40%3Ccommits.pulsar.apache.org%3E -
  • () https://lists.apache.org/thread.html/rddd2237b8636a48d573869006ee809262525efb2b6ffa6eff50d2a2d%40%3Cjira.kafka.apache.org%3E -
  • () https://lists.apache.org/thread.html/rdcbad6d8ce72c79827ed8c635f9a62dd919bb21c94a0b64cab2efc31%40%3Cissues.karaf.apache.org%3E -
  • () https://lists.apache.org/thread.html/rf9abfc0223747a56694825c050cc6b66627a293a32ea926b3de22402%40%3Cissues.karaf.apache.org%3E -
  • () https://lists.apache.org/thread.html/r37d332c0bf772f4982d1fdeeb2f88dd71dab6451213e69e43734eadc%40%3Ccommits.pulsar.apache.org%3E -
  • () https://lists.apache.org/thread.html/rdfd2901b8b697a3f6e2c9c6ecc688fd90d7f881937affb5144d61d6e%40%3Ccommits.druid.apache.org%3E -
  • () https://lists.apache.org/thread.html/r167dbc42ef7c59802c2ca1ac14735ef9cf687c25208229993d6206fe%40%3Cissues.karaf.apache.org%3E -
  • () https://lists.apache.org/thread.html/rcd37d9214b08067a2e8f2b5b4fd123a1f8cb6008698d11ef44028c21%40%3Cissues.karaf.apache.org%3E -
  • () https://lists.apache.org/thread.html/r2ddabd06d94b60cfb0141e4abb23201c628ab925e30742f61a04d013%40%3Cissues.karaf.apache.org%3E -
  • () https://lists.apache.org/thread.html/r30a139c165b3da6e0d5536434ab1550534011b1fdfcd2f5d95892c5b%40%3Cissues.karaf.apache.org%3E -
  • () https://lists.apache.org/thread.html/r25d53acd06f29244b8a103781b0339c5e7efee9099a4d52f0c230e4a%40%3Ccommits.druid.apache.org%3E -

02 Feb 2023, 22:22

Type Values Removed Values Added
CPE cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*
First Time Oracle commerce Guided Search
References (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory

25 Jul 2022, 18:15

Type Values Removed Values Added
References
  • (N/A) https://www.oracle.com/security-alerts/cpujul2022.html -

12 May 2022, 14:47

Type Values Removed Values Added
References (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory
CPE cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*
First Time Oracle blockchain Platform

20 Apr 2022, 00:15

Type Values Removed Values Added
References
  • (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html -

04 Apr 2022, 13:32

Type Values Removed Values Added
CPE cpe:2.3:a:oracle:communications_convergence:3.0.2.2.0:*:*:*:*:*:*:*
First Time Oracle communications Convergence
References (MISC) https://www.oracle.com/security-alerts/cpujan2022.html - (MISC) https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory

07 Feb 2022, 16:15

Type Values Removed Values Added
References
  • (MISC) https://www.oracle.com/security-alerts/cpujan2022.html -

08 Dec 2021, 19:56

Type Values Removed Values Added
CPE cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_extensibility_workbench:14.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_supply_chain_finance:14.5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_extensibility_workbench:14.5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_supply_chain_finance:14.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_extensibility_workbench:14.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_supply_chain_finance:14.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*
References (MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - (MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - Patch, Third Party Advisory

20 Oct 2021, 11:15

Type Values Removed Values Added
References
  • (MISC) https://www.oracle.com/security-alerts/cpuoct2021.html -

21 Sep 2021, 17:51

Type Values Removed Values Added
CPE cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
cpe:2.3:o:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:karaf:4.3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.2.1:*:*:*:*:*:*:*
cpe:2.3:o:oracle:communications_messaging_server:8.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_application_session_controller:3.9m0p3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_framework:4.3.0.6.0:*:*:*:*:*:*:*
References (MLIST) https://lists.apache.org/thread.html/rc9e441c1576bdc4375d32526d5cf457226928e9c87b9f54ded26271c@%3Cissues.karaf.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/rc9e441c1576bdc4375d32526d5cf457226928e9c87b9f54ded26271c@%3Cissues.karaf.apache.org%3E - Mailing List, Third Party Advisory
References (MLIST) https://lists.apache.org/thread.html/rdcbad6d8ce72c79827ed8c635f9a62dd919bb21c94a0b64cab2efc31@%3Cissues.karaf.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/rdcbad6d8ce72c79827ed8c635f9a62dd919bb21c94a0b64cab2efc31@%3Cissues.karaf.apache.org%3E - Mailing List, Third Party Advisory
References (MLIST) https://lists.apache.org/thread.html/r77af3ac7c3bfbd5454546e13faf7aec21d627bdcf36c9ca240436b94@%3Cissues.karaf.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/r77af3ac7c3bfbd5454546e13faf7aec21d627bdcf36c9ca240436b94@%3Cissues.karaf.apache.org%3E - Mailing List, Third Party Advisory
References (MISC) https://www.oracle.com/security-alerts/cpuApr2021.html - (MISC) https://www.oracle.com/security-alerts/cpuApr2021.html - Patch, Third Party Advisory
References (MLIST) https://lists.apache.org/thread.html/rcd37d9214b08067a2e8f2b5b4fd123a1f8cb6008698d11ef44028c21@%3Cissues.karaf.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/rcd37d9214b08067a2e8f2b5b4fd123a1f8cb6008698d11ef44028c21@%3Cissues.karaf.apache.org%3E - Mailing List, Third Party Advisory
References (MLIST) https://lists.apache.org/thread.html/r167dbc42ef7c59802c2ca1ac14735ef9cf687c25208229993d6206fe@%3Cissues.karaf.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/r167dbc42ef7c59802c2ca1ac14735ef9cf687c25208229993d6206fe@%3Cissues.karaf.apache.org%3E - Mailing List, Third Party Advisory
References (N/A) https://www.oracle.com//security-alerts/cpujul2021.html - (N/A) https://www.oracle.com//security-alerts/cpujul2021.html - Patch, Third Party Advisory
References (MLIST) https://lists.apache.org/thread.html/r2ddabd06d94b60cfb0141e4abb23201c628ab925e30742f61a04d013@%3Cissues.karaf.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/r2ddabd06d94b60cfb0141e4abb23201c628ab925e30742f61a04d013@%3Cissues.karaf.apache.org%3E - Mailing List, Third Party Advisory
References (MLIST) https://lists.apache.org/thread.html/r30a139c165b3da6e0d5536434ab1550534011b1fdfcd2f5d95892c5b@%3Cissues.karaf.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/r30a139c165b3da6e0d5536434ab1550534011b1fdfcd2f5d95892c5b@%3Cissues.karaf.apache.org%3E - Mailing List, Third Party Advisory
References (MLIST) https://lists.apache.org/thread.html/r4e1619cfefcd031fac62064a3858f5c9229eef907bd5d8ef14c594fc@%3Cissues.karaf.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/r4e1619cfefcd031fac62064a3858f5c9229eef907bd5d8ef14c594fc@%3Cissues.karaf.apache.org%3E - Mailing List, Patch, Third Party Advisory
References (MLIST) https://lists.apache.org/thread.html/rfc0db1f3c375087e69a239f9284ded72d04fbb55849eadde58fa9dc2@%3Cissues.karaf.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/rfc0db1f3c375087e69a239f9284ded72d04fbb55849eadde58fa9dc2@%3Cissues.karaf.apache.org%3E - Mailing List, Third Party Advisory
References (MLIST) https://lists.apache.org/thread.html/rf9abfc0223747a56694825c050cc6b66627a293a32ea926b3de22402@%3Cissues.karaf.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/rf9abfc0223747a56694825c050cc6b66627a293a32ea926b3de22402@%3Cissues.karaf.apache.org%3E - Mailing List, Third Party Advisory

24 Aug 2021, 10:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.apache.org/thread.html/rf9abfc0223747a56694825c050cc6b66627a293a32ea926b3de22402@%3Cissues.karaf.apache.org%3E -
  • (MLIST) https://lists.apache.org/thread.html/rc9e441c1576bdc4375d32526d5cf457226928e9c87b9f54ded26271c@%3Cissues.karaf.apache.org%3E -

20 Aug 2021, 12:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.apache.org/thread.html/r30a139c165b3da6e0d5536434ab1550534011b1fdfcd2f5d95892c5b@%3Cissues.karaf.apache.org%3E -
  • (MLIST) https://lists.apache.org/thread.html/r4e1619cfefcd031fac62064a3858f5c9229eef907bd5d8ef14c594fc@%3Cissues.karaf.apache.org%3E -
  • (MLIST) https://lists.apache.org/thread.html/r2ddabd06d94b60cfb0141e4abb23201c628ab925e30742f61a04d013@%3Cissues.karaf.apache.org%3E -

17 Aug 2021, 15:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.apache.org/thread.html/r167dbc42ef7c59802c2ca1ac14735ef9cf687c25208229993d6206fe@%3Cissues.karaf.apache.org%3E -
  • (MLIST) https://lists.apache.org/thread.html/rcd37d9214b08067a2e8f2b5b4fd123a1f8cb6008698d11ef44028c21@%3Cissues.karaf.apache.org%3E -

16 Aug 2021, 15:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.apache.org/thread.html/r77af3ac7c3bfbd5454546e13faf7aec21d627bdcf36c9ca240436b94@%3Cissues.karaf.apache.org%3E -
  • (MLIST) https://lists.apache.org/thread.html/rfc0db1f3c375087e69a239f9284ded72d04fbb55849eadde58fa9dc2@%3Cissues.karaf.apache.org%3E -
  • (MLIST) https://lists.apache.org/thread.html/rdcbad6d8ce72c79827ed8c635f9a62dd919bb21c94a0b64cab2efc31@%3Cissues.karaf.apache.org%3E -

10 Aug 2021, 09:15

Type Values Removed Values Added
References
  • (N/A) https://www.oracle.com//security-alerts/cpujul2021.html -

14 Jun 2021, 18:15

Type Values Removed Values Added
References
  • (MISC) https://www.oracle.com/security-alerts/cpuApr2021.html -

28 May 2021, 15:14

Type Values Removed Values Added
CPE cpe:2.3:a:apache:solr:8.8.2:*:*:*:*:*:*:*

26 May 2021, 13:33

Type Values Removed Values Added
CPE cpe:2.3:a:apache:solr:8.8.2:*:*:*:*:*:*:*
References (MLIST) https://lists.apache.org/thread.html/r37d332c0bf772f4982d1fdeeb2f88dd71dab6451213e69e43734eadc@%3Ccommits.pulsar.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/r37d332c0bf772f4982d1fdeeb2f88dd71dab6451213e69e43734eadc@%3Ccommits.pulsar.apache.org%3E - Mailing List, Third Party Advisory
References (MLIST) https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e@%3Cissues.solr.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e@%3Cissues.solr.apache.org%3E - Mailing List, Third Party Advisory

25 May 2021, 13:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e@%3Cissues.solr.apache.org%3E -

06 Apr 2021, 19:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.apache.org/thread.html/r37d332c0bf772f4982d1fdeeb2f88dd71dab6451213e69e43734eadc@%3Ccommits.pulsar.apache.org%3E -

03 Feb 2021, 15:29

Type Values Removed Values Added
References (MLIST) https://lists.apache.org/thread.html/rdfd2901b8b697a3f6e2c9c6ecc688fd90d7f881937affb5144d61d6e@%3Ccommits.druid.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/rdfd2901b8b697a3f6e2c9c6ecc688fd90d7f881937affb5144d61d6e@%3Ccommits.druid.apache.org%3E - Mailing List, Patch, Third Party Advisory
References (MLIST) https://lists.apache.org/thread.html/r175f5a25d100dbe2b1bd3459b3ce882a84c3ff91b120ed4ff2d57b53@%3Ccommits.pulsar.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/r175f5a25d100dbe2b1bd3459b3ce882a84c3ff91b120ed4ff2d57b53@%3Ccommits.pulsar.apache.org%3E - Mailing List, Patch, Third Party Advisory
References (MLIST) https://lists.apache.org/thread.html/r25d53acd06f29244b8a103781b0339c5e7efee9099a4d52f0c230e4a@%3Ccommits.druid.apache.org%3E - Mailing List, Third Party Advisory (MLIST) https://lists.apache.org/thread.html/r25d53acd06f29244b8a103781b0339c5e7efee9099a4d52f0c230e4a@%3Ccommits.druid.apache.org%3E - Mailing List, Patch, Third Party Advisory

27 Jan 2021, 07:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.apache.org/thread.html/rdfd2901b8b697a3f6e2c9c6ecc688fd90d7f881937affb5144d61d6e@%3Ccommits.druid.apache.org%3E -

19 Jan 2021, 11:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.apache.org/thread.html/r175f5a25d100dbe2b1bd3459b3ce882a84c3ff91b120ed4ff2d57b53@%3Ccommits.pulsar.apache.org%3E -

13 Jan 2021, 20:07

Type Values Removed Values Added
References (MLIST) https://lists.apache.org/thread.html/r954d80fd18e9dafef6e813963eb7e08c228151c2b6268ecd63b35d1f@%3Ccommits.druid.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/r954d80fd18e9dafef6e813963eb7e08c228151c2b6268ecd63b35d1f@%3Ccommits.druid.apache.org%3E - Mailing List, Third Party Advisory
References (MLIST) https://lists.apache.org/thread.html/r25d53acd06f29244b8a103781b0339c5e7efee9099a4d52f0c230e4a@%3Ccommits.druid.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/r25d53acd06f29244b8a103781b0339c5e7efee9099a4d52f0c230e4a@%3Ccommits.druid.apache.org%3E - Mailing List, Third Party Advisory
References (MLIST) https://lists.apache.org/thread.html/rddd2237b8636a48d573869006ee809262525efb2b6ffa6eff50d2a2d@%3Cjira.kafka.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/rddd2237b8636a48d573869006ee809262525efb2b6ffa6eff50d2a2d@%3Cjira.kafka.apache.org%3E - Mailing List, Third Party Advisory
CVSS v2 : 7.5
v3 : 9.8 		v2 : 6.8
v3 : 8.1

08 Jan 2021, 06:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.apache.org/thread.html/r25d53acd06f29244b8a103781b0339c5e7efee9099a4d52f0c230e4a@%3Ccommits.druid.apache.org%3E -

08 Jan 2021, 00:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.apache.org/thread.html/rddd2237b8636a48d573869006ee809262525efb2b6ffa6eff50d2a2d@%3Cjira.kafka.apache.org%3E -

07 Jan 2021, 08:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.apache.org/thread.html/r954d80fd18e9dafef6e813963eb7e08c228151c2b6268ecd63b35d1f@%3Ccommits.druid.apache.org%3E -
Information

Published : 2020-12-18 01:15

Updated : 2023-12-10 13:41

NVD link : CVE-2020-28052

Mitre link : CVE-2020-28052

CVE.ORG link : CVE-2020-28052

JSON object : View

Products Affected

oracle

  • banking_extensibility_workbench
  • communications_convergence
  • banking_virtual_account_management
  • banking_supply_chain_finance
  • communications_pricing_design_center
  • communications_cloud_native_core_network_slice_selection_function
  • communications_session_route_manager
  • utilities_framework
  • communications_messaging_server
  • commerce_guided_search
  • banking_corporate_lending_process_management
  • communications_application_session_controller
  • banking_credit_facilities_process_management
  • jd_edwards_enterpriseone_tools
  • webcenter_portal
  • blockchain_platform
  • communications_session_report_manager
  • peoplesoft_enterprise_peopletools

bouncycastle

  • legion-of-the-bouncy-castle-java-crytography-api

apache

  • karaf
CWE
NVD-CWE-Other