Oracle Commerce Guided Search 11.3.2 Framework/Experience Manager Remote Code Execution

A vulnerability classified as critical has been found in Oracle Commerce Guided Search 11.3.2. It affects an unknown part of the component Framework/Experience Manager. Upgrading eliminates this vulnerability. A possible mitigation was published immediately after the disclosure of the vulnerability.

| Field | 07/20/2022 08:15 AM | 08/06/2022 07:46 PM | 08/06/2022 07:53 PM |
| --- | --- | --- | --- |
| vendor | Oracle | Oracle | Oracle |
| name | Commerce Guided Search | Commerce Guided Search | Commerce Guided Search |
| cve | CVE-2020-28052 | CVE-2020-28052 | CVE-2020-28052 |
| component | Framework/Experience Manager | Framework/Experience Manager | Framework/Experience Manager |
| risk | 2 | 2 | 2 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | H | H | H |
| cvss3_vuldb_pr | N | N | N |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | H | H | H |
| cvss3_vuldb_i | H | H | H |
| cvss3_vuldb_a | H | H | H |
| version | 11.3.2 | 11.3.2 | 11.3.2 |
| cvss3_vuldb_rc | C | C | C |
| cvss3_vuldb_rl | O | O | O |
| url | https://www.oracle.com/security-alerts/cpujul2022.html | https://www.oracle.com/security-alerts/cpujul2022.html | https://www.oracle.com/security-alerts/cpujul2022.html |
| date | 1658181600 (07/19/2022) | 1658181600 (07/19/2022) | 1658181600 (07/19/2022) |
| identifier | Oracle Critical Patch Update Advisory - July 2022 | Oracle Critical Patch Update Advisory - July 2022 | Oracle Critical Patch Update Advisory - July 2022 |
| date | 1658181600 (07/19/2022) | 1658181600 (07/19/2022) | 1658181600 (07/19/2022) |
| name | Upgrade | Upgrade | Upgrade |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | H | H | H |
| cvss2_vuldb_au | N | N | N |
| cvss2_vuldb_ci | C | C | C |
| cvss2_vuldb_ii | C | C | C |
| cvss2_vuldb_ai | C | C | C |
| cvss2_vuldb_rc | C | C | C |
| cvss2_vuldb_rl | OF | OF | OF |
| cvss2_vuldb_e | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss2_vuldb_basescore | 7.6 | 7.6 | 7.6 |
| cvss2_vuldb_tempscore | 6.6 | 6.6 | 6.6 |
| cvss3_vuldb_basescore | 8.1 | 8.1 | 8.1 |
| cvss3_vuldb_tempscore | 7.7 | 7.7 | 7.7 |
| cvss3_meta_basescore | 8.1 | 8.1 | 8.1 |
| cvss3_meta_tempscore | 7.7 | 7.7 | 7.9 |
| price_0day | $5k-$25k | $5k-$25k | $5k-$25k |
| cve_assigned | | 1604271600 (11/02/2020) | 1604271600 (11/02/2020) |
| cve_nvd_summary | | An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different. | An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different. |
| cvss3_nvd_av | | | N |
| cvss3_nvd_ac | | | H |
| cvss3_nvd_pr | | | N |
| cvss3_nvd_ui | | | N |
| cvss3_nvd_s | | | U |
| cvss3_nvd_c | | | H |
| cvss3_nvd_i | | | H |
| cvss3_nvd_a | | | H |
| cvss2_nvd_av | | | N |
| cvss2_nvd_ac | | | M |
| cvss2_nvd_au | | | N |
| cvss2_nvd_ci | | | P |
| cvss2_nvd_ii | | | P |
| cvss2_nvd_ai | | | P |
| cvss2_nvd_basescore | | | 6.8 |
| cvss3_nvd_basescore | | | 8.1 |
