Vulnerability details: VCID-zh4q-8g5x-aaas
Vulnerability ID VCID-zh4q-8g5x-aaas
Aliases BIT-2020-7471
BIT-django-2020-7471
CVE-2020-7471
GHSA-hmr4-m2h5-33qx
PYSEC-2020-35
Summary Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter to a contrib.postgres.aggregates.StringAgg instance, it was possible to break escaping and inject malicious SQL.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Weaknesses (3)
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7471.html
cvssv3 9.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7471.json
epss 0.00551 https://api.first.org/data/v1/epss?cve=CVE-2020-7471
epss 0.01036 https://api.first.org/data/v1/epss?cve=CVE-2020-7471
epss 0.07771 https://api.first.org/data/v1/epss?cve=CVE-2020-7471
epss 0.08683 https://api.first.org/data/v1/epss?cve=CVE-2020-7471
epss 0.15892 https://api.first.org/data/v1/epss?cve=CVE-2020-7471
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=1798515
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7471
cvssv3.1 8.8 https://docs.djangoproject.com/en/3.0/releases/security
generic_textual HIGH https://docs.djangoproject.com/en/3.0/releases/security
cvssv3.1 7.6 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr CRITICAL https://github.com/advisories/GHSA-hmr4-m2h5-33qx
cvssv3.1 3.7 https://github.com/django/django
generic_textual MODERATE https://github.com/django/django
cvssv3.1 9.8 https://github.com/django/django/commit/001b0634cd309e372edb6d7d95d083d02b8e37bd
generic_textual CRITICAL https://github.com/django/django/commit/001b0634cd309e372edb6d7d95d083d02b8e37bd
cvssv3.1 9.8 https://github.com/django/django/commit/505826b469b16ab36693360da9e11fd13213421b
generic_textual CRITICAL https://github.com/django/django/commit/505826b469b16ab36693360da9e11fd13213421b
cvssv3.1 9.8 https://github.com/django/django/commit/c67a368c16e4680b324b4f385398d638db4d8147
generic_textual CRITICAL https://github.com/django/django/commit/c67a368c16e4680b324b4f385398d638db4d8147
cvssv3.1 9.8 https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136
generic_textual CRITICAL https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136
cvssv3.1 9.8 https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-35.yaml
generic_textual CRITICAL https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-35.yaml
cvssv3.1 9.8 https://groups.google.com/forum/#!topic/django-announce/X45S86X5bZI
generic_textual CRITICAL https://groups.google.com/forum/#!topic/django-announce/X45S86X5bZI
cvssv3.1 8.8 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-7471
cvssv3 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7471
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7471
cvssv3.1 9.8 https://seclists.org/bugtraq/2020/Feb/30
generic_textual CRITICAL https://seclists.org/bugtraq/2020/Feb/30
archlinux Medium https://security.archlinux.org/AVG-1091
cvssv3.1 8.8 https://security.gentoo.org/glsa/202004-17
generic_textual HIGH https://security.gentoo.org/glsa/202004-17
cvssv3.1 9.8 https://security.netapp.com/advisory/ntap-20200221-0006
generic_textual CRITICAL https://security.netapp.com/advisory/ntap-20200221-0006
generic_textual Medium https://ubuntu.com/security/notices/USN-4264-1
cvssv3.1 9.8 https://usn.ubuntu.com/4264-1
generic_textual CRITICAL https://usn.ubuntu.com/4264-1
generic_textual Medium https://usn.ubuntu.com/usn/usn-4264-1
cvssv3.1 9.8 https://www.debian.org/security/2020/dsa-4629
generic_textual CRITICAL https://www.debian.org/security/2020/dsa-4629
cvssv3.1 9.8 https://www.djangoproject.com/weblog/2020/feb/03/security-releases
generic_textual CRITICAL https://www.djangoproject.com/weblog/2020/feb/03/security-releases
cvssv3.1 9.8 https://www.openwall.com/lists/oss-security/2020/02/03/1
generic_textual CRITICAL https://www.openwall.com/lists/oss-security/2020/02/03/1
cvssv3.1 9.8 http://www.openwall.com/lists/oss-security/2020/02/03/1
generic_textual CRITICAL http://www.openwall.com/lists/oss-security/2020/02/03/1
Reference id Reference type URL
http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7471.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7471.json
https://api.first.org/data/v1/epss?cve=CVE-2020-7471
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7471
https://docs.djangoproject.com/en/3.0/releases/security
https://docs.djangoproject.com/en/3.0/releases/security/
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/django/django
https://github.com/django/django/commit/001b0634cd309e372edb6d7d95d083d02b8e37bd
https://github.com/django/django/commit/505826b469b16ab36693360da9e11fd13213421b
https://github.com/django/django/commit/c67a368c16e4680b324b4f385398d638db4d8147
https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136
https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-35.yaml
https://groups.google.com/forum/#%21topic/django-announce/X45S86X5bZI
https://groups.google.com/forum/#!topic/django-announce/X45S86X5bZI
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ/
https://seclists.org/bugtraq/2020/Feb/30
https://security.gentoo.org/glsa/202004-17
https://security.netapp.com/advisory/ntap-20200221-0006
https://security.netapp.com/advisory/ntap-20200221-0006/
https://ubuntu.com/security/notices/USN-4264-1
https://usn.ubuntu.com/4264-1
https://usn.ubuntu.com/4264-1/
https://usn.ubuntu.com/usn/usn-4264-1
https://www.debian.org/security/2020/dsa-4629
https://www.djangoproject.com/weblog/2020/feb/03/security-releases
https://www.djangoproject.com/weblog/2020/feb/03/security-releases/
https://www.openwall.com/lists/oss-security/2020/02/03/1
http://www.openwall.com/lists/oss-security/2020/02/03/1
1798515 https://bugzilla.redhat.com/show_bug.cgi?id=1798515
950581 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950581
ASA-202002-1 https://security.archlinux.org/ASA-202002-1
AVG-1091 https://security.archlinux.org/AVG-1091
cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*
CVE-2020-7471 https://nvd.nist.gov/vuln/detail/CVE-2020-7471
GHSA-hmr4-m2h5-33qx https://github.com/advisories/GHSA-hmr4-m2h5-33qx
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7471.json
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://docs.djangoproject.com/en/3.0/releases/security
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/django/django
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/django/django/commit/001b0634cd309e372edb6d7d95d083d02b8e37bd
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/django/django/commit/505826b469b16ab36693360da9e11fd13213421b
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/django/django/commit/c67a368c16e4680b324b4f385398d638db4d8147
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2020-35.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://groups.google.com/forum/#!topic/django-announce/X45S86X5bZI
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4A2AP4T7RKPBCLTI2NNQG3T6MINDUUMZ
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2020-7471
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2020-7471
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2020-7471
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://seclists.org/bugtraq/2020/Feb/30
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202004-17
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://security.netapp.com/advisory/ntap-20200221-0006
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://usn.ubuntu.com/4264-1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.debian.org/security/2020/dsa-4629
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.djangoproject.com/weblog/2020/feb/03/security-releases
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.openwall.com/lists/oss-security/2020/02/03/1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2020/02/03/1
Exploit Prediction Scoring System (EPSS)
Percentile 0.77332
EPSS Score 0.00551
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.