Oracle Commerce Guided Search 11.3.2 Framework/Experience Manager Remote Code Execution

A vulnerability has been found in Oracle Commerce Guided Search 11.3.2 and classified as critical. This vulnerability affects an unknown part of the component Framework/Experience Manager. Upgrading eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

Field	07/20/2022 08:15 AM	08/06/2022 07:46 PM	08/06/2022 07:53 PM
vendor	Oracle	Oracle	Oracle
name	Commerce Guided Search	Commerce Guided Search	Commerce Guided Search
cve	CVE-2020-28052	CVE-2020-28052	CVE-2020-28052
component	Framework/Experience Manager	Framework/Experience Manager	Framework/Experience Manager
risk	2	2	2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	H	H	H
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	H	H	H
cvss3_vuldb_i	H	H	H
cvss3_vuldb_a	H	H	H
version	11.3.2	11.3.2	11.3.2
cvss3_vuldb_rc	C	C	C
cvss3_vuldb_rl	O	O	O
url	https://www.oracle.com/security-alerts/cpujul2022.html	https://www.oracle.com/security-alerts/cpujul2022.html	https://www.oracle.com/security-alerts/cpujul2022.html
date	1658181600 (07/19/2022)	1658181600 (07/19/2022)	1658181600 (07/19/2022)
identifier	Oracle Critical Patch Update Advisory - July 2022	Oracle Critical Patch Update Advisory - July 2022	Oracle Critical Patch Update Advisory - July 2022
date	1658181600 (07/19/2022)	1658181600 (07/19/2022)	1658181600 (07/19/2022)
name	Upgrade	Upgrade	Upgrade
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	H	H	H
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	C	C	C
cvss2_vuldb_ii	C	C	C
cvss2_vuldb_ai	C	C	C
cvss2_vuldb_rc	C	C	C
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_e	ND	ND	ND
cvss3_vuldb_e	X	X	X
cvss2_vuldb_basescore	7.6	7.6	7.6
cvss2_vuldb_tempscore	6.6	6.6	6.6
cvss3_vuldb_basescore	8.1	8.1	8.1
cvss3_vuldb_tempscore	7.7	7.7	7.7
cvss3_meta_basescore	8.1	8.1	8.1
cvss3_meta_tempscore	7.7	7.7	7.9
price_0day	$5k-$25k	$5k-$25k	$5k-$25k
cve_assigned		1604271600 (11/02/2020)	1604271600 (11/02/2020)
cve_nvd_summary		An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.	An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.
cvss3_nvd_av			N
cvss3_nvd_ac			H
cvss3_nvd_pr			N
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			H
cvss3_nvd_i			H
cvss3_nvd_a			H
cvss2_nvd_av			N
cvss2_nvd_ac			M
cvss2_nvd_au			N
cvss2_nvd_ci			P
cvss2_nvd_ii			P
cvss2_nvd_ai			P
cvss2_nvd_basescore			6.8
cvss3_nvd_basescore			8.1

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!