CVE-2020-28052 in Business Intelligence Enterprise Editioninfo

Summary

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Reservation

11/02/2020

Disclosure

12/18/2020

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
226577	Oracle Business Intelligence Enterprise Edition Analytics Web General Remote Code Execution		Not defined	Official fix	CVE-2020-28052
211535	Oracle WebLogic Server Centralized Thirdparty Jars Remote Code Execution		Not defined	Official fix	CVE-2020-28052
211533	Oracle Business Process Management Suite Installer Remote Code Execution		Not defined	Official fix	CVE-2020-28052
204214	Oracle Commerce Guided Search Framework/Experience Manager Remote Code Execution		Not defined	Official fix	CVE-2020-28052
197704	Oracle Blockchain Platform BCS Console Remote Code Execution		Not defined	Official fix	CVE-2020-28052
190774	Oracle Communications Convergence Messaging Remote Code Execution		Not defined	Official fix	CVE-2020-28052
184802	Oracle Banking Virtual Account Management Bouncy Castle Java Remote Code Execution		Not defined	Official fix	CVE-2020-28052
184801	Oracle Banking Supply Chain Finance Bouncy Castle Java Remote Code Execution		Not defined	Official fix	CVE-2020-28052
184799	Oracle Banking Extensibility Workbench Bouncy Castle Java Remote Code Execution		Not defined	Official fix	CVE-2020-28052
184798	Oracle Banking Credit Facilities Process Management Bouncy Castle Java Remote Code Execution		Not defined	Official fix	CVE-2020-28052
184796	Oracle Banking Corporate Lending Process Management Bouncy Castle Java Remote Code Execution		Not defined	Official fix	CVE-2020-28052
184702	Oracle Communications Session Route Manager Bouncy Castle Java Remote Code Execution		Not defined	Official fix	CVE-2020-28052
184700	Oracle Communications Session Report Manager Bouncy Castle Java Remote Code Execution		Not defined	Official fix	CVE-2020-28052
179087	Oracle WebCenter Portal Bouncy Castle Java Remote Code Execution		Not defined	Official fix	CVE-2020-28052
173690	Oracle Utilities Framework Securty Remote Code Execution		Not defined	Official fix	CVE-2020-28052
173612	Oracle PeopleSoft Enterprise PeopleTools XML Messaging Remote Code Execution		Not defined	Official fix	CVE-2020-28052
173552	Oracle JD Edwards EnterpriseOne Tools E1 Dev Platform Tech - Cloud Remote Code Execution		Not defined	Official fix	CVE-2020-28052
173364	Oracle Communications Application Session Controller Bouncy Castle Java Remote Code Execution		Not defined	Official fix	CVE-2020-28052
173354	Oracle Communications Messaging Server Message Store Remote Code Execution		Not defined	Official fix	CVE-2020-28052
166554	Bouncy Castle Legion of the Bouncy Castle Utility Method OpenBSDBCrypt.checkPassword comparison	697	Not defined	Official fix	CVE-2020-28052

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

◂ PreviousOverviewNext ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!