{ "id": "CVE-2020-28052", "sourceIdentifier": "cve@mitre.org", "published": "2020-12-18T01:15:12.587", "lastModified": "2024-11-21T05:22:17.200", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different." }, { "lang": "es", "value": "Se detect\u00f3 un problema en Legion of the Bouncy Castle BC Java versiones 1.65 y 1.66. El m\u00e9todo de la utilidad OpenBSDBCrypt.checkPassword compar\u00f3 datos incorrectos al comprobar la contrase\u00f1a, permitiendo a unas contrase\u00f1as incorrectas indicar que coinciden con otras previamente en hash que eran diferentes" } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH" }, "exploitabilityScore": 2.2, "impactScore": 5.9 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "baseScore": 6.8, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL" }, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.65:*:*:*:*:*:*:*", "matchCriteriaId": "2376544D-C966-4800-B6B6-B50E5EEAB485" }, { "vulnerable": true, "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.66:*:*:*:*:*:*:*", "matchCriteriaId": "53F165CD-778A-4EC6-B6EF-530988A13730" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:apache:karaf:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "39A638A5-E448-4516-A916-7D6E79168D1A" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "0CF9A061-2421-426D-9854-0A4E55B2961D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "F95EDC3D-54BB-48F9-82F2-7CCF335FCA78" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "B72B735F-4E52-484A-9C2C-23E6E2070385" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8B36A1D4-F391-4EE3-9A65-0A10568795BA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "55116032-AAD1-4FEA-9DA8-2C4CBD3D3F61" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "0275F820-40BE-47B8-B167-815A55DF578E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C8E145E-1DF0-4B18-B625-F04DF71F6ACF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "EABAFD73-150F-4DFE-B721-29EB4475D979" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8A45D47B-3401-49CF-92EE-79D007D802A9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "6A8420D4-AAF1-44AA-BF28-48EE3ED310B9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "2FB80AC5-35F2-4703-AD93-416B46972EEB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "19DAAEFF-AB4A-4D0D-8C86-D2F2811B53B1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "D1534C11-E3F5-49F3-8F8D-7C5C90951E69" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D952E04D-DE2D-4AE0-BFE6-7D9B7E55AC80" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "1111BCFD-E336-4B31-A87E-76C684AC6DE4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*", "versionEndExcluding": "21.1.2", "matchCriteriaId": "D0DBC938-A782-433F-8BF1-CA250C332AA7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "2A3622F5-5976-4BBC-A147-FC8A6431EA79" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:communications_application_session_controller:3.9m0p3:*:*:*:*:*:*:*", "matchCriteriaId": "441FD998-ABE6-4377-AAFA-FEAE42352FE8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "ADE6EF8F-1F05-429B-A916-76FDB20CEB81" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:communications_convergence:3.0.2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "7DF939F5-C0E1-40A4-95A2-0CE7A03AB4EE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D7B49D71-6A31-497A-B6A9-06E84F086E7A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.0", "versionEndIncluding": "8.2.4.0", "matchCriteriaId": "9B7C949D-0AB3-4566-9096-014C82FC1CF1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.2.0", "versionEndIncluding": "8.2.4", "matchCriteriaId": "C0BDC1A4-FA97-4BF9-93B8-BA3E5775C475" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", "versionEndIncluding": "9.2.5.3", "matchCriteriaId": "0E561CFF-BB8A-4CFD-916D-4410A9265922" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", "matchCriteriaId": "D0A735B4-4F3C-416B-8C08-9CB21BAD2889" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", "matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", "matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:utilities_framework:4.3.0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "8DF02546-3F0D-4FDD-89B1-8A3FE43FB5BF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3F906F04-39E4-4BE4-8A73-9D058AAADB43" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "7B393A82-476A-4270-A903-38ED4169E431" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "85CAE52B-C2CA-4C6B-A0B7-2B9D6F0499E2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "D7756147-7168-4E03-93EE-31379F6BE88E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D6A4F71A-4269-40FC-8F61-1D1301F2B728" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A502118-5B2B-47AE-82EC-1999BD841103" }, { "vulnerable": true, "criteria": "cpe:2.3:o:oracle:communications_messaging_server:8.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E819270D-AA7D-4B0E-990B-D25AB6E46FBC" }, { "vulnerable": true, "criteria": "cpe:2.3:o:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "7569C0BD-16C1-441E-BAEB-840C94BE73EF" } ] } ] } ], "references": [ { "url": "https://github.com/bcgit/bc-java/wiki/CVE-2020-28052", "source": "cve@mitre.org", "tags": [ "Mitigation", "Patch", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/r167dbc42ef7c59802c2ca1ac14735ef9cf687c25208229993d6206fe%40%3Cissues.karaf.apache.org%3E", "source": "cve@mitre.org" }, { "url": "https://lists.apache.org/thread.html/r175f5a25d100dbe2b1bd3459b3ce882a84c3ff91b120ed4ff2d57b53%40%3Ccommits.pulsar.apache.org%3E", "source": "cve@mitre.org" }, { "url": "https://lists.apache.org/thread.html/r25d53acd06f29244b8a103781b0339c5e7efee9099a4d52f0c230e4a%40%3Ccommits.druid.apache.org%3E", "source": "cve@mitre.org" }, { "url": "https://lists.apache.org/thread.html/r2ddabd06d94b60cfb0141e4abb23201c628ab925e30742f61a04d013%40%3Cissues.karaf.apache.org%3E", "source": "cve@mitre.org" }, { "url": "https://lists.apache.org/thread.html/r30a139c165b3da6e0d5536434ab1550534011b1fdfcd2f5d95892c5b%40%3Cissues.karaf.apache.org%3E", "source": "cve@mitre.org" }, { "url": "https://lists.apache.org/thread.html/r37d332c0bf772f4982d1fdeeb2f88dd71dab6451213e69e43734eadc%40%3Ccommits.pulsar.apache.org%3E", "source": "cve@mitre.org" }, { "url": "https://lists.apache.org/thread.html/r4e1619cfefcd031fac62064a3858f5c9229eef907bd5d8ef14c594fc%40%3Cissues.karaf.apache.org%3E", "source": "cve@mitre.org" }, { "url": "https://lists.apache.org/thread.html/r77af3ac7c3bfbd5454546e13faf7aec21d627bdcf36c9ca240436b94%40%3Cissues.karaf.apache.org%3E", "source": "cve@mitre.org" }, { "url": "https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e%40%3Cissues.solr.apache.org%3E", "source": "cve@mitre.org" }, { "url": "https://lists.apache.org/thread.html/r954d80fd18e9dafef6e813963eb7e08c228151c2b6268ecd63b35d1f%40%3Ccommits.druid.apache.org%3E", "source": "cve@mitre.org" }, { "url": "https://lists.apache.org/thread.html/rc9e441c1576bdc4375d32526d5cf457226928e9c87b9f54ded26271c%40%3Cissues.karaf.apache.org%3E", "source": "cve@mitre.org" }, { "url": "https://lists.apache.org/thread.html/rcd37d9214b08067a2e8f2b5b4fd123a1f8cb6008698d11ef44028c21%40%3Cissues.karaf.apache.org%3E", "source": "cve@mitre.org" }, { "url": "https://lists.apache.org/thread.html/rdcbad6d8ce72c79827ed8c635f9a62dd919bb21c94a0b64cab2efc31%40%3Cissues.karaf.apache.org%3E", "source": "cve@mitre.org" }, { "url": "https://lists.apache.org/thread.html/rddd2237b8636a48d573869006ee809262525efb2b6ffa6eff50d2a2d%40%3Cjira.kafka.apache.org%3E", "source": "cve@mitre.org" }, { "url": "https://lists.apache.org/thread.html/rdfd2901b8b697a3f6e2c9c6ecc688fd90d7f881937affb5144d61d6e%40%3Ccommits.druid.apache.org%3E", "source": "cve@mitre.org" }, { "url": "https://lists.apache.org/thread.html/rf9abfc0223747a56694825c050cc6b66627a293a32ea926b3de22402%40%3Cissues.karaf.apache.org%3E", "source": "cve@mitre.org" }, { "url": "https://lists.apache.org/thread.html/rfc0db1f3c375087e69a239f9284ded72d04fbb55849eadde58fa9dc2%40%3Cissues.karaf.apache.org%3E", "source": "cve@mitre.org" }, { "url": "https://www.bouncycastle.org/releasenotes.html", "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ] }, { "url": "https://www.oracle.com//security-alerts/cpujul2021.html", "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ] }, { "url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ] }, { "url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ] }, { "url": "https://www.oracle.com/security-alerts/cpujan2022.html", "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ] }, { "url": "https://www.oracle.com/security-alerts/cpujul2022.html", "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ] }, { "url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ] }, { "url": "https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle/", "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ] }, { "url": "https://github.com/bcgit/bc-java/wiki/CVE-2020-28052", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Patch", "Third Party Advisory" ] }, { "url": "https://lists.apache.org/thread.html/r167dbc42ef7c59802c2ca1ac14735ef9cf687c25208229993d6206fe%40%3Cissues.karaf.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "https://lists.apache.org/thread.html/r175f5a25d100dbe2b1bd3459b3ce882a84c3ff91b120ed4ff2d57b53%40%3Ccommits.pulsar.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "https://lists.apache.org/thread.html/r25d53acd06f29244b8a103781b0339c5e7efee9099a4d52f0c230e4a%40%3Ccommits.druid.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "https://lists.apache.org/thread.html/r2ddabd06d94b60cfb0141e4abb23201c628ab925e30742f61a04d013%40%3Cissues.karaf.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "https://lists.apache.org/thread.html/r30a139c165b3da6e0d5536434ab1550534011b1fdfcd2f5d95892c5b%40%3Cissues.karaf.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "https://lists.apache.org/thread.html/r37d332c0bf772f4982d1fdeeb2f88dd71dab6451213e69e43734eadc%40%3Ccommits.pulsar.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "https://lists.apache.org/thread.html/r4e1619cfefcd031fac62064a3858f5c9229eef907bd5d8ef14c594fc%40%3Cissues.karaf.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "https://lists.apache.org/thread.html/r77af3ac7c3bfbd5454546e13faf7aec21d627bdcf36c9ca240436b94%40%3Cissues.karaf.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e%40%3Cissues.solr.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "https://lists.apache.org/thread.html/r954d80fd18e9dafef6e813963eb7e08c228151c2b6268ecd63b35d1f%40%3Ccommits.druid.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "https://lists.apache.org/thread.html/rc9e441c1576bdc4375d32526d5cf457226928e9c87b9f54ded26271c%40%3Cissues.karaf.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "https://lists.apache.org/thread.html/rcd37d9214b08067a2e8f2b5b4fd123a1f8cb6008698d11ef44028c21%40%3Cissues.karaf.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "https://lists.apache.org/thread.html/rdcbad6d8ce72c79827ed8c635f9a62dd919bb21c94a0b64cab2efc31%40%3Cissues.karaf.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "https://lists.apache.org/thread.html/rddd2237b8636a48d573869006ee809262525efb2b6ffa6eff50d2a2d%40%3Cjira.kafka.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "https://lists.apache.org/thread.html/rdfd2901b8b697a3f6e2c9c6ecc688fd90d7f881937affb5144d61d6e%40%3Ccommits.druid.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "https://lists.apache.org/thread.html/rf9abfc0223747a56694825c050cc6b66627a293a32ea926b3de22402%40%3Cissues.karaf.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "https://lists.apache.org/thread.html/rfc0db1f3c375087e69a239f9284ded72d04fbb55849eadde58fa9dc2%40%3Cissues.karaf.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "https://www.bouncycastle.org/releasenotes.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ] }, { "url": "https://www.oracle.com//security-alerts/cpujul2021.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ] }, { "url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ] }, { "url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ] }, { "url": "https://www.oracle.com/security-alerts/cpujan2022.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ] }, { "url": "https://www.oracle.com/security-alerts/cpujul2022.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ] }, { "url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ] }, { "url": "https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ] } ] }