CVE-2010-20117
Summary
by MITRE • 04/22/2026
This CVE has the been REJECTED and will not be published by the CNA.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 05/10/2026
This CVE has been formally rejected by the coordinating national authority and will not be published within the official CVE database. The rejection typically occurs when the vulnerability does not meet the criteria for inclusion in the CVE system or when the reported issue has already been addressed through other means. Such rejections may arise from various circumstances including but not limited to duplicate reporting, lack of sufficient evidence, or determination that the reported issue does not constitute a vulnerability according to established CVE guidelines and processes. When a CVE is rejected, it indicates that the vulnerability either does not meet the definition of a security vulnerability or that it has been resolved through existing mitigation measures, making further CVE publication unnecessary. Organizations should monitor official sources and security advisories from vendors and security researchers for any updates regarding rejected vulnerabilities that may have been previously reported or that could potentially be relevant to their security posture. The rejection process helps maintain the integrity and accuracy of the CVE database by ensuring that only valid and significant security vulnerabilities are included in the official records.
The decision to reject a CVE typically follows a thorough evaluation process conducted by the CNA or the organization responsible for CVE assignment. This process may involve verification of the reported vulnerability through independent testing, assessment of the impact and exploitability of the issue, and comparison against existing CVE entries to identify potential duplicates or similar reporting. Rejected CVEs may still be discussed in security communities or may be referenced in vendor advisories, but they do not appear in the official CVE database. The rejection does not necessarily indicate that the reported issue is insignificant, but rather that it does not meet the specific criteria for CVE inclusion. Organizations should understand that while a CVE may be rejected, the underlying issue could still pose security risks that require attention and remediation through other means such as vendor patches, configuration changes, or operational security measures. Security teams should maintain awareness of both published and rejected vulnerabilities to ensure comprehensive protection of their systems and networks.
When a vulnerability is rejected by a CNA, it reflects a formal assessment that the issue does not warrant inclusion in the CVE database according to established standards and procedures. The rejection may be based on several factors including insufficient evidence of a security vulnerability, lack of reproducibility, or determination that the reported behavior is not a security concern. This process ensures that the CVE database maintains its credibility and usefulness by excluding false positives or issues that do not meet the definition of a security vulnerability. The rejection decision typically involves review by technical experts who evaluate the reported vulnerability against criteria such as impact, exploitability, and the presence of a security flaw. Organizations should recognize that while a CVE may be rejected, the underlying security issue may still require attention and mitigation. The CVE rejection process serves as a quality control mechanism that helps security professionals focus their efforts on vulnerabilities that have been properly validated and documented in the official CVE database. Security researchers and vendors continue to monitor and address vulnerabilities through other channels and mechanisms even when they are not included in the CVE database.