CVE-2020-1971

Published on: 12/08/2020 12:00:00 AM UTC

Last Modified on: 08/29/2022 08:27:00 PM UTC

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Certain versions of Debian Linux from Debian contain the following vulnerability:

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack.

OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes:

  1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate
  2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token)

If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools.

Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack.

All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).

  • CVE-2020-1971 has been assigned by openssl-secur[email protected] to track the vulnerability - currently rated as MEDIUM severity.
  • Affected Vendor/Software: OpenSSL - OpenSSL versions 1.1.1-1.1.1h (fixed in OpenSSL 1.1.1i)
  • Affected Vendor/Software: OpenSSL - OpenSSL versions 1.0.2-1.0.2w (fixed in OpenSSL 1.0.2x)

CVSS3 Score: 5.9 - MEDIUM

  • Attack Vector: NETWORK
  • Attack Complexity: HIGH
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH

CVSS2 Score: 4.3 - MEDIUM

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL

CVE References

  • Public KB - SA44676 - December 08 2020 OpenSSL Security Advisory [Third Party Advisory]: CONFIRM kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44676
  • Debian -- Security Information -- DSA-4807-1 openssl [Third Party Advisory]: DEBIAN DSA-4807 (www.debian.org)
  • git.openssl.org Git - openssl.git/commitdiff [Broken Link]: CONFIRM git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e
  • Pony Mail! [Mailing List, Third Party Advisory]: MLIST [tomcat-dev] 20210207 [Bug 65126] New: A security vulnerability cve-2020-1971 in Tomcat dependency Library in version 9.0.40. (lists.apache.org)
  • Oracle Critical Patch Update Advisory - April 2022: MISC www.oracle.com/security-alerts/cpuapr2022.html
  • April 2021 MySQL Vulnerabilities in NetApp Products | NetApp Product Security: CONFIRM security.netapp.com/advisory/ntap-20210513-0002/
  • Oracle Critical Patch Update Advisory - July 2021: MISC www.oracle.com//security-alerts/cpujul2021.html
  • [R1] Tenable.sc 5.17.0 Fixes Multiple Vulnerabilities - Security Advisory | Tenable® [Third Party Advisory]: CONFIRM www.tenable.com/security/tns-2020-11
  • Oracle Critical Patch Update Advisory - October 2021: MISC www.oracle.com/security-alerts/cpuoct2021.html
  • [R1] Nessus Network Monitor 5.13.1 Fixes Multiple Third-party Vulnerabilities - Security Advisory | Tenable®: CONFIRM www.tenable.com/security/tns-2021-09
  • [R1] LCE 6.0.9 Fixes Multiple Third-party Vulnerabilities - Security Advisory | Tenable®: CONFIRM www.tenable.com/security/tns-2021-10
  • [SECURITY] [DLA 2492-1] openssl security update [Mailing List, Third Party Advisory]: MLIST [debian-lts-announce] 20201214 [SECURITY] [DLA 2492-1] openssl security update (lists.debian.org)
  • Pony Mail! [Third Party Advisory]: MLIST [pulsar-commits] 20201216 [GitHub] [pulsar] phijohns-tibco opened a new issue #8978: OpenSSL needs to be updated to 1.1.1i current version is unsupported. (lists.apache.org)
  • git.openssl.org Git - openssl.git/commitdiff [Patch, Vendor Advisory]: CONFIRM git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f960d81215ebf3f65e03d4d5d857fb9b666d6920
  • www.openssl.org [Vendor Advisory]: CONFIRM www.openssl.org/news/secadv/20201208.txt
  • CVE-2020-1971 OpenSSL Vulnerability in NetApp Products | NetApp Product Security [Third Party Advisory]: CONFIRM security.netapp.com/advisory/ntap-20201218-0005/
  • OpenSSL: Denial of service (GLSA 202012-13) — Gentoo security [Third Party Advisory]: GENTOO GLSA-202012-13 (security.gentoo.org)
  • cert-portal.siemens.com: CONFIRM cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
  • [SECURITY] Fedora 32 Update: openssl-1.1.1i-1.fc32 - package-announce - Fedora Mailing-Lists [Third Party Advisory]: FEDORA FEDORA-2020-a31b01e945 (lists.fedoraproject.org)
  • security.FreeBSD.org [Third Party Advisory]: FREEBSD FreeBSD-SA-20:33
  • [SECURITY] Fedora 33 Update: openssl-1.1.1i-1.fc33 - package-announce - Fedora Mailing-Lists [Third Party Advisory]: FEDORA FEDORA-2020-ef1870065a (lists.fedoraproject.org)
  • oss-security - Re: Oracle Solaris membership in the distros list: MLIST [oss-security] 20210914 Re: Oracle Solaris membership in the distros list (www.openwall.com)
  • Oracle Critical Patch Update Advisory - April 2021: MISC www.oracle.com/security-alerts/cpuApr2021.html
  • [SECURITY] [DLA 2493-1] openssl1.0 security update [Mailing List, Third Party Advisory]: MLIST [debian-lts-announce] 20201214 [SECURITY] [DLA 2493-1] openssl1.0 security update (lists.debian.org)
  • Oracle Critical Patch Update Advisory - January 2021 [Third Party Advisory]: MISC www.oracle.com/security-alerts/cpujan2021.html

Related QID Numbers

  • 159134 Oracle Enterprise Linux Security Update for openssl (ELSA-2021-9137)
  • 159137 Oracle Enterprise Linux Security Update for openssl (ELSA-2021-9150)
  • 159160 Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2021-9121)
  • 20221 Oracle MySQL April 2021 Critical Patch Update (CPUAPR2021)
  • 239735 Red Hat Update for red hat jboss web server 5.4.1 (RHSA-2021:0494)
  • 239738 Red Hat Update for red hat jboss web server 3.1 service pack 11 (RHSA-2021:0489)
  • 330079 IBM AIX Multiple Vulnerabilities in Openssl (openssl_advisory32)
  • 375337 IBM Spectrum Control Multiple Vulnerability(6415993)
  • 375482 Oracle PeopleSoft Enterprise PeopleTools Product Multiple Vulnerabilities (CPUAPR2021)
  • 375965 Oracle Hypertext Transfer Protocol Server (HTTP Server) Multiple Vulnerabilities (CPUOCT2021)
  • 376033 F5 BIG-IP Application Security Manager (ASM), Local Traffic Manager (LTM), Access Policy Manager (APM), Application Security Manager (ASM), Local Traffic Manager (LTM), Access Policy Manager (APM), Application Security Manager (ASM), Local Traffic Man[...]
  • 376039 F5 BIG-IP Application Security Manager (ASM), Local Traffic Manager (LTM), Access Policy Manager (APM) Open Secure Sockets Layer (OpenSSL) Vulnerability (K42910051)
  • 376911 Alibaba Cloud Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ALINUX2-SA-2020:0197)
  • 376918 Alibaba Cloud Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ALINUX3-SA-2021:0006)
  • 38846 Pulse Connect Secure and Pulse Policy Secure NULL Pointer Dereference (SA44676)
  • 390226 Oracle Managed Virtualization (VM) Server for x86 Security Update for Open Secure Sockets Layer (OpenSSL) (OVMSA-2021-0011)
  • 390284 Oracle Managed Virtualization (VM) Server for x86 Security Update for Open Secure Sockets Layer (OpenSSL) (OVMSA-2023-0013)
  • 500496 Alpine Linux Security Update for Open Secure Sockets Layer (OpenSSL)
  • 500564 Alpine Linux Security Update for Open Secure Sockets Layer (OpenSSL)
  • 500763 Alpine Linux Security Update for openssl
  • 501163 Alpine Linux Security Update for openssl
  • 501420 Alpine Linux Security Update for libressl
  • 501982 Alpine Linux Security Update for Open Secure Sockets Layer3 (OpenSSL3)
  • 502901 Alpine Linux Security Update for openssl1.1-compat
  • 591311 Bosch Rexroth PRA-ES8P2S Ethernet-Switch Multiple Vulnerabilities (BOSCH-SA-247053-BT)
  • 610343 Google Pixel Android June 2021 Security Patch Missing
  • 610360 Google Android August 2021 Security Patch Missing for Samsung
  • 670196 EulerOS Security Update for openssl (EulerOS-SA-2021-1695)
  • 670197 EulerOS Security Update for openssl111d (EulerOS-SA-2021-1696)
  • 670784 EulerOS Security Update for shim (EulerOS-SA-2021-2542)
  • 670808 EulerOS Security Update for shim (EulerOS-SA-2021-2566)
  • 670846 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2021-1160)
  • 670855 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2021-1014)
  • 690151 Free Berkeley Software Distribution (FreeBSD) Security Update for mysql (56ba4513-a1be-11eb-9072-d4c9ef517024)
  • 690397 Free Berkeley Software Distribution (FreeBSD) Security Update for node.js (08b553ed-537a-11eb-be6e-0022489ad614)
  • 690403 Free Berkeley Software Distribution (FreeBSD) Security Update for Open Secure Sockets Layer (OpenSSL) (1d56cfc5-3970-11eb-929d-d4c9ef517024)
  • 730118 Dell Unisphere for PowerMax Security Update for Multiple Third-Party Component Vulnerabilities
  • 730119 Dell Solutions Enabler Security Update for Multiple Third-Party Component Vulnerabilities
  • 750420 OpenSUSE Security Update for nodejs10 (openSUSE-SU-2021:0082-1)
  • 750431 OpenSUSE Security Update for nodejs10 (openSUSE-SU-2021:0065-1)
  • 750432 OpenSUSE Security Update for nodejs12 (openSUSE-SU-2021:0064-1)
  • 750484 OpenSUSE Security Update for openssl-1_0_0 (openSUSE-SU-2020:2269-1)
  • 750491 OpenSUSE Security Update for openssl-1_1 (openSUSE-SU-2020:2245-1)
  • 750495 OpenSUSE Security Update for openssl-1_0_0 (openSUSE-SU-2020:2236-1)
  • 750498 OpenSUSE Security Update for openssl-1_1 (openSUSE-SU-2020:2223-1)
  • 750690 SUSE Enterprise Linux Security Update for openssl-1_0_0 (SUSE-SU-2020:3762-1)
  • 770068 Red Hat OpenShift Container Platform 4.6 Security Update (RHSA-2021:0436)
  • 900182 CBL-Mariner Linux Security Update for mysql 8.0.22
  • 903226 Common Base Linux Mariner (CBL-Mariner) Security Update for mysql (3881)
  • 91781 IBM Integration Bus and IBM App Connect Enterprise Open Secure Sockets Layer (OpenSSL) Multiple Vulnerabilities (6444817,6444819)
  • 91822 Microsoft Visual Studio Security Update for October 2021
  • 940259 AlmaLinux Security Update for Open Secure Sockets Layer (OpenSSL) (ALSA-2020:5476)

Exploit/POC from Github

CVE-2020-1971 Auto Scan & Remote Exploit Script. Auto Local Scan & Patch Script.

Known Affected Configurations (CPE V2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Operating System | Debian | Debian Linux | 10.0 | All | All | All
Operating System | Debian | Debian Linux | 9.0 | All | All | All
Operating System | Fedoraproject | Fedora | 32 | All | All | All
Operating System | Fedoraproject | Fedora | 33 | All | All | All
Application | Netapp | Active Iq Unified Manager | - | All | All | All
Hardware Device Info | Netapp | Aff A250 | - | All | All | All
Operating System | Netapp | Aff A250 Firmware | - | All | All | All
Application | Netapp | Clustered Data Ontap Antivirus Connector | - | All | All | All
Application | Netapp | Data Ontap | - | All | All | All
Application | Netapp | E-series Santricity Os Controller | All | All | All | All
Hardware Device Info | Netapp | Ef600a | - | All | All | All
Operating System | Netapp | Ef600a Firmware | - | All | All | All
Hardware Device Info | Netapp | Hci Compute Node | - | All | All | All
Application | Netapp | Hci Management Node | - | All | All | All
Hardware Device Info | Netapp | Hci Storage Node | - | All | All | All
Application | Netapp | Manageability Software Development Kit | - | All | All | All
Application | Netapp | Oncommand Insight | - | All | All | All
Application | Netapp | Oncommand Workflow Automation | - | All | All | All
Application | Netapp | Plug-in For Symantec Netbackup | - | All | All | All
Application | Netapp | Santricity Smi-s Provider | - | All | All | All
Application | Netapp | Snapcenter | - | All | All | All
Application | Netapp | Solidfire | - | All | All | All
Application | Nodejs | Node.js | All | All | All | All
Application | Openssl | Openssl | All | All | All | All
Application | Oracle | Api Gateway | 11.1.2.4.0 | All | All | All
Application | Oracle | Business Intelligence | 12.2.1.3.0 | All | All | All
Application | Oracle | Business Intelligence | 12.2.1.4.0 | All | All | All
Application | Oracle | Business Intelligence | 5.5.0.0.0 | All | All | All
Application | Oracle | Business Intelligence | 5.9.0.0.0 | All | All | All
Application | Oracle | Communications Cloud Native Core Network Function Cloud Native Environment | 1.10.0 | All | All | All
Application | Oracle | Communications Diameter Intelligence Hub | All | All | All | All
Application | Oracle | Communications Session Border Controller | cz8.2 | All | All | All
Application | Oracle | Communications Session Border Controller | cz8.3 | All | All | All
Application | Oracle | Communications Session Border Controller | cz8.4 | All | All | All
Application | Oracle | Communications Session Router | cz8.2 | All | All | All
Application | Oracle | Communications Session Router | cz8.3 | All | All | All
Application | Oracle | Communications Session Router | cz8.4 | All | All | All
Application | Oracle | Communications Subscriber-aware Load Balancer | cz8.2 | All | All | All
Application | Oracle | Communications Subscriber-aware Load Balancer | cz8.3 | All | All | All
Application | Oracle | Communications Subscriber-aware Load Balancer | cz8.4 | All | All | All
Application | Oracle | Communications Unified Session Manager | scz8.2.5 | All | All | All
Application | Oracle | Enterprise Communications Broker | pcz3.1 | All | All | All
Application | Oracle | Enterprise Communications Broker | pcz3.2 | All | All | All
Application | Oracle | Enterprise Communications Broker | pcz3.3 | All | All | All
Application | Oracle | Enterprise Manager Base Platform | 13.3.0.0 | All | All | All
Application | Oracle | Enterprise Manager Base Platform | 13.4.0.0 | All | All | All
Application | Oracle | Enterprise Manager For Storage Management | 13.4.0.0 | All | All | All
Application | Oracle | Enterprise Manager Ops Center | 12.4.0.0 | All | All | All
Application | Oracle | Enterprise Session Border Controller | cz8.2 | All | All | All
Application | Oracle | Enterprise Session Border Controller | cz8.3 | All | All | All
Application | Oracle | Enterprise Session Border Controller | cz8.4 | All | All | All
Application | Oracle | Essbase | 21.2 | All | All | All
Application | Oracle | Graalvm | 19.3.4 | All | All | All
Application | Oracle | Graalvm | 20.3.0 | All | All | All
Application | Oracle | Http Server | 12.2.1.4.0 | All | All | All
Application | Oracle | Jd Edwards Enterpriseone Tools | All | All | All | All
Application | Oracle | Jd Edwards World Security | a9.4 | All | All | All
Application | Oracle | Mysql | All | All | All | All
Application | Oracle | Mysql Server | All | All | All | All
Application | Oracle | Peoplesoft Enterprise Peopletools | 8.56 | All | All | All
Application | Oracle | Peoplesoft Enterprise Peopletools | 8.57 | All | All | All
Application | Oracle | Peoplesoft Enterprise Peopletools | 8.58 | All | All | All
Application | Siemens | Sinec Infrastructure Network Services | All | All | All | All
Application | Tenable | Log Correlation Engine | All | All | All | All
Application | Tenable | Nessus Network Monitor | All | All | All | All

Discovery Credit

David Benjamin (Google)

Social Mentions

  • Twitter, @tukanana: Oh, the NVR510 firmware update is here. rtpro.yamaha.co.jp/RT/docs/relnot… "CVE-2020-1971 (JPCERT/CC JVNVU#91053554)" #YAMAHA (posted 2021-04-23 09:59:42 UTC)
  • Twitter, @softek_jp: Issue in the OpenSSL processing included in Pulse Connect Secure that allows service to be disrupted (CVE-2020-1971) [38894] sid.softek.jp/content/show/3… #SIDfm #脆弱性情報 (posted 2021-05-12 08:38:26 UTC)
  • Twitter, @LinInfoSec: Mysql - CVE-2020-1971: git.openssl.org/gitweb/?p=open… (posted 2021-05-12 15:44:34 UTC)
  • Reddit, /r/synology: SRM 1.2.5 Released; up to 47% increase in SSL VPN performance (posted 2021-05-11 18:51:58 UTC)
  • Reddit, /r/unifi_versions: UniFi OS - Dream Machines 1.10.0 (posted 2021-07-09 07:50:12 UTC)
  • Reddit, /r/sysadmin: NXLog randomly stops sending SSL logs on Windows client (posted 2022-10-21 18:18:42 UTC)