CVE-2020-28052 - Vulnerability Details

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Karaf
Bouncycastle	Legion-of-the-bouncy-castle-java-crytography-api
Oracle	Banking Corporate Lending Process Management Banking Credit Facilities Process Management Banking Extensibility Workbench Banking Supply Chain Finance Banking Virtual Account Management Blockchain Platform Commerce Guided Search Communications Application Session Controller Communications Cloud Native Core Network Slice Selection Function Communications Convergence Communications Messaging Server Communications Pricing Design Center Communications Session Report Manager Communications Session Route Manager Jd Edwards Enterpriseone Tools Peoplesoft Enterprise Peopletools Utilities Framework Webcenter Portal
Redhat	Camel Quarkus Integration Jboss Enterprise Application Platform Jboss Enterprise Application Platform Eus Jboss Fuse Jbosseapxp Red Hat Single Sign On

Configuration 1 [-]

OR	cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.65:::::::*
	cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.66:::::::*

Configuration 2 [-]

cpe:2.3:a:apache:karaf:4.3.2:*:*:*:*:*:*:*

Configuration 3 [-]

OR	cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2.0:::::::*
	cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3.0:::::::*
	cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0:::::::*
	cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2.0:::::::*
	cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3.0:::::::*
	cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5.0:::::::*
	cpe:2.3:a:oracle:banking_extensibility_workbench:14.2.0:::::::*
	cpe:2.3:a:oracle:banking_extensibility_workbench:14.3.0:::::::*
	cpe:2.3:a:oracle:banking_extensibility_workbench:14.5.0:::::::*
	cpe:2.3:a:oracle:banking_supply_chain_finance:14.2.0:::::::*
	cpe:2.3:a:oracle:banking_supply_chain_finance:14.3.0:::::::*
	cpe:2.3:a:oracle:banking_supply_chain_finance:14.5.0:::::::*
	cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:::::::*
	cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:::::::*
	cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:::::::*
	cpe:2.3:a:oracle:blockchain_platform::::::::
	cpe:2.3:a:oracle:commerce_guided_search:11.3.2:::::::*
	cpe:2.3:a:oracle:communications_application_session_controller:3.9m0p3:::::::*
	cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.2.1:::::::*
	cpe:2.3:a:oracle:communications_convergence:3.0.2.2.0:::::::*
	cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:::::::*
	cpe:2.3:a:oracle:communications_session_report_manager::::::::
	cpe:2.3:a:oracle:communications_session_route_manager::::::::
	cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools::::::::
	cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:::::::*
	cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:::::::*
	cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:::::::*
	cpe:2.3:a:oracle:utilities_framework:4.3.0.6.0:::::::*
	cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:::::::*
	cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:::::::*
	cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:::::::*
	cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0:::::::*
	cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:::::::*
	cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*
	cpe:2.3:o:oracle:communications_messaging_server:8.0.2:::::::*
	cpe:2.3:o:oracle:communications_messaging_server:8.1:::::::*

Package	CPE	Advisory	Released Date
Red Hat EAP-XP 2.0.0 via EAP 7.3.x base
bouncycastle	cpe:/a:redhat:jbosseapxp	RHSA-2021:2755	2021-07-15T00:00:00Z
Red Hat EAP-XP via EAP 7.3.x base
bouncycastle	cpe:/a:redhat:jbosseapxp	RHSA-2021:2210	2021-06-02T00:00:00Z
Red Hat Fuse 7.8.1
karaf	cpe:/a:redhat:jboss_fuse:7	RHSA-2021:1401	2021-04-27T00:00:00Z
spring-boot-2	cpe:/a:redhat:jboss_fuse:7	RHSA-2021:1401	2021-04-27T00:00:00Z
Red Hat Fuse 7.9
bouncycastle	cpe:/a:redhat:jboss_fuse:7	RHSA-2021:3140	2021-08-11T00:00:00Z
Red Hat Integration
bouncycastle	cpe:/a:redhat:integration:1	RHSA-2021:3205	2021-08-18T00:00:00Z
Red Hat Integration Camel Quarkus 2
bouncycastle	cpe:/a:redhat:camel_quarkus:2.2	RHSA-2021:4767	2021-11-23T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7
bouncycastle	cpe:/a:redhat:jboss_enterprise_application_platform:7.3	RHSA-2021:0885	2021-03-16T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7
eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7	RHSA-2024:10208	2024-11-25T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6
eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2021:0872	2021-03-16T00:00:00Z
eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2021:0872	2021-03-16T00:00:00Z
eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2021:0872	2021-03-16T00:00:00Z
eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2021:0872	2021-03-16T00:00:00Z
eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2021:0872	2021-03-16T00:00:00Z
eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2021:0872	2021-03-16T00:00:00Z
eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2021:0872	2021-03-16T00:00:00Z
eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2021:0872	2021-03-16T00:00:00Z
eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2021:0872	2021-03-16T00:00:00Z
eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2021:0872	2021-03-16T00:00:00Z
eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2021:0872	2021-03-16T00:00:00Z
eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2021:0872	2021-03-16T00:00:00Z
eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2021:0872	2021-03-16T00:00:00Z
eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2021:0872	2021-03-16T00:00:00Z
eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2021:0872	2021-03-16T00:00:00Z
eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6	RHSA-2021:0872	2021-03-16T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7
eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2021:0873	2021-03-16T00:00:00Z
eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2021:0873	2021-03-16T00:00:00Z
eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2021:0873	2021-03-16T00:00:00Z
eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2021:0873	2021-03-16T00:00:00Z
eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2021:0873	2021-03-16T00:00:00Z
eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2021:0873	2021-03-16T00:00:00Z
eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2021:0873	2021-03-16T00:00:00Z
eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2021:0873	2021-03-16T00:00:00Z
eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2021:0873	2021-03-16T00:00:00Z
eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2021:0873	2021-03-16T00:00:00Z
eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2021:0873	2021-03-16T00:00:00Z
eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2021:0873	2021-03-16T00:00:00Z
eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2021:0873	2021-03-16T00:00:00Z
eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2021:0873	2021-03-16T00:00:00Z
eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2021:0873	2021-03-16T00:00:00Z
eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7	RHSA-2021:0873	2021-03-16T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8
eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2021:0874	2021-03-16T00:00:00Z
eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2021:0874	2021-03-16T00:00:00Z
eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2021:0874	2021-03-16T00:00:00Z
eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2021:0874	2021-03-16T00:00:00Z
eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2021:0874	2021-03-16T00:00:00Z
eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2021:0874	2021-03-16T00:00:00Z
eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2021:0874	2021-03-16T00:00:00Z
eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2021:0874	2021-03-16T00:00:00Z
eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2021:0874	2021-03-16T00:00:00Z
eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2021:0874	2021-03-16T00:00:00Z
eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2021:0874	2021-03-16T00:00:00Z
eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2021:0874	2021-03-16T00:00:00Z
eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2021:0874	2021-03-16T00:00:00Z
eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2021:0874	2021-03-16T00:00:00Z
eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2021:0874	2021-03-16T00:00:00Z
eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8	RHSA-2021:0874	2021-03-16T00:00:00Z
Red Hat Single Sign-On 7.4.6
bouncycastle	cpe:/a:redhat:red_hat_single_sign_on:7	RHSA-2021:0974	2021-03-23T00:00:00Z

References

Link	Providers
https://github.com/bcgit/bc-java/wiki/CVE-2020-28052
https://lists.apache.org/thread.html/r167dbc42ef7c59802c2ca1ac14735ef9cf687c25208229993d6206fe%40%3Cissues.karaf.apache.org%3E
https://lists.apache.org/thread.html/r175f5a25d100dbe2b1bd3459b3ce882a84c3ff91b120ed4ff2d57b53%40%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r25d53acd06f29244b8a103781b0339c5e7efee9099a4d52f0c230e4a%40%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/r2ddabd06d94b60cfb0141e4abb23201c628ab925e30742f61a04d013%40%3Cissues.karaf.apache.org%3E
https://lists.apache.org/thread.html/r30a139c165b3da6e0d5536434ab1550534011b1fdfcd2f5d95892c5b%40%3Cissues.karaf.apache.org%3E
https://lists.apache.org/thread.html/r37d332c0bf772f4982d1fdeeb2f88dd71dab6451213e69e43734eadc%40%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r4e1619cfefcd031fac62064a3858f5c9229eef907bd5d8ef14c594fc%40%3Cissues.karaf.apache.org%3E
https://lists.apache.org/thread.html/r77af3ac7c3bfbd5454546e13faf7aec21d627bdcf36c9ca240436b94%40%3Cissues.karaf.apache.org%3E
https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e%40%3Cissues.solr.apache.org%3E
https://lists.apache.org/thread.html/r954d80fd18e9dafef6e813963eb7e08c228151c2b6268ecd63b35d1f%40%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/rc9e441c1576bdc4375d32526d5cf457226928e9c87b9f54ded26271c%40%3Cissues.karaf.apache.org%3E
https://lists.apache.org/thread.html/rcd37d9214b08067a2e8f2b5b4fd123a1f8cb6008698d11ef44028c21%40%3Cissues.karaf.apache.org%3E
https://lists.apache.org/thread.html/rdcbad6d8ce72c79827ed8c635f9a62dd919bb21c94a0b64cab2efc31%40%3Cissues.karaf.apache.org%3E
https://lists.apache.org/thread.html/rddd2237b8636a48d573869006ee809262525efb2b6ffa6eff50d2a2d%40%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/rdfd2901b8b697a3f6e2c9c6ecc688fd90d7f881937affb5144d61d6e%40%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/rf9abfc0223747a56694825c050cc6b66627a293a32ea926b3de22402%40%3Cissues.karaf.apache.org%3E
https://lists.apache.org/thread.html/rfc0db1f3c375087e69a239f9284ded72d04fbb55849eadde58fa9dc2%40%3Cissues.karaf.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-28052
https://www.bouncycastle.org/releasenotes.html
https://www.cve.org/CVERecord?id=CVE-2020-28052
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle/

History

Mon, 25 Nov 2024 14:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat jboss Enterprise Application Platform Eus
CPEs		cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
Vendors & Products		Redhat jboss Enterprise Application Platform Eus

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-12-18T00:52:48

Updated: 2024-08-04T16:33:56.942Z

Reserved: 2020-11-02T00:00:00

Link: CVE-2020-28052

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-12-18T01:15:12.587

Modified: 2024-11-21T05:22:17.200

Link: CVE-2020-28052

Redhat

Severity : Important

Publid Date: 2020-12-18T00:00:00Z

Links: CVE-2020-28052 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-07-25T16:17:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.bouncycastle.org/releasenotes.html"}, {"name": "[druid-commits] 20210107 [GitHub] [druid] jon-wei opened a new pull request #10733: Update deps for CVE-2020-28168 and CVE-2020-28052", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r954d80fd18e9dafef6e813963eb7e08c228151c2b6268ecd63b35d1f%40%3Ccommits.druid.apache.org%3E"}, {"name": "[kafka-jira] 20210107 [GitHub] [kafka] cyrusv opened a new pull request #9845: MINOR: Bump Bouncy Castle Dep to resolve CVE-2020-28052", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rddd2237b8636a48d573869006ee809262525efb2b6ffa6eff50d2a2d%40%3Cjira.kafka.apache.org%3E"}, {"name": "[druid-commits] 20210107 [GitHub] [druid] clintropolis merged pull request #10733: Update deps for CVE-2020-28168 and CVE-2020-28052", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r25d53acd06f29244b8a103781b0339c5e7efee9099a4d52f0c230e4a%40%3Ccommits.druid.apache.org%3E"}, {"name": "[pulsar-commits] 20210119 [GitHub] [pulsar] fmiguelez opened a new issue #9235: Upgrade Bounce Castle dependency on client to solve CVE-2020-28052", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r175f5a25d100dbe2b1bd3459b3ce882a84c3ff91b120ed4ff2d57b53%40%3Ccommits.pulsar.apache.org%3E"}, {"name": "[druid-commits] 20210127 [druid] 01/02: Update deps for CVE-2020-28168 and CVE-2020-28052 (#10733)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rdfd2901b8b697a3f6e2c9c6ecc688fd90d7f881937affb5144d61d6e%40%3Ccommits.druid.apache.org%3E"}, {"name": "[pulsar-commits] 20210406 [GitHub] [pulsar] lhotari commented on issue #9235: Upgrade Bounce Castle dependency on client to solve CVE-2020-28052", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r37d332c0bf772f4982d1fdeeb2f88dd71dab6451213e69e43734eadc%40%3Ccommits.pulsar.apache.org%3E"}, {"name": "[solr-issues] 20210525 [jira] [Created] (SOLR-15431) Security vulnerability with Bouncy Castle library within Apache Solr 8.8.2", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e%40%3Cissues.solr.apache.org%3E"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/bcgit/bc-java/wiki/CVE-2020-28052"}, {"tags": ["x_refsource_MISC"], "url": "https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"name": "[karaf-issues] 20210810 [jira] [Created] (KARAF-7240) Upgrade bcprov artifacts to mitigate CVE-2020-28052", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rdcbad6d8ce72c79827ed8c635f9a62dd919bb21c94a0b64cab2efc31%40%3Cissues.karaf.apache.org%3E"}, {"name": "[karaf-issues] 20210810 [jira] [Updated] (KARAF-7240) Upgrade bcprov artifacts to mitigate CVE-2020-28052", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rfc0db1f3c375087e69a239f9284ded72d04fbb55849eadde58fa9dc2%40%3Cissues.karaf.apache.org%3E"}, {"name": "[karaf-issues] 20210810 [jira] [Commented] (KARAF-7240) Upgrade bcprov artifacts to mitigate CVE-2020-28052", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r77af3ac7c3bfbd5454546e13faf7aec21d627bdcf36c9ca240436b94%40%3Cissues.karaf.apache.org%3E"}, {"name": "[karaf-issues] 20210816 [jira] [Updated] (KARAF-7240) Upgrade bcprov artifacts to mitigate CVE-2020-28052", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rcd37d9214b08067a2e8f2b5b4fd123a1f8cb6008698d11ef44028c21%40%3Cissues.karaf.apache.org%3E"}, {"name": "[karaf-issues] 20210816 [jira] [Updated] (KARAF-7240) Upgrade bcprov 1.69 artifacts to mitigate CVE-2020-28052", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r167dbc42ef7c59802c2ca1ac14735ef9cf687c25208229993d6206fe%40%3Cissues.karaf.apache.org%3E"}, {"name": "[karaf-issues] 20210817 [jira] [Commented] (KARAF-7240) Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r4e1619cfefcd031fac62064a3858f5c9229eef907bd5d8ef14c594fc%40%3Cissues.karaf.apache.org%3E"}, {"name": "[karaf-issues] 20210817 [jira] [Updated] (KARAF-7240) Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r2ddabd06d94b60cfb0141e4abb23201c628ab925e30742f61a04d013%40%3Cissues.karaf.apache.org%3E"}, {"name": "[karaf-issues] 20210820 [jira] [Updated] (KARAF-7240) Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r30a139c165b3da6e0d5536434ab1550534011b1fdfcd2f5d95892c5b%40%3Cissues.karaf.apache.org%3E"}, {"name": "[karaf-issues] 20210824 [jira] [Commented] (KARAF-7240) Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rf9abfc0223747a56694825c050cc6b66627a293a32ea926b3de22402%40%3Cissues.karaf.apache.org%3E"}, {"name": "[karaf-issues] 20210824 [jira] [Resolved] (KARAF-7240) Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rc9e441c1576bdc4375d32526d5cf457226928e9c87b9f54ded26271c%40%3Cissues.karaf.apache.org%3E"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-28052", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.bouncycastle.org/releasenotes.html", "refsource": "MISC", "url": "https://www.bouncycastle.org/releasenotes.html"}, {"name": "[druid-commits] 20210107 [GitHub] [druid] jon-wei opened a new pull request #10733: Update deps for CVE-2020-28168 and CVE-2020-28052", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r954d80fd18e9dafef6e813963eb7e08c228151c2b6268ecd63b35d1f@%3Ccommits.druid.apache.org%3E"}, {"name": "[kafka-jira] 20210107 [GitHub] [kafka] cyrusv opened a new pull request #9845: MINOR: Bump Bouncy Castle Dep to resolve CVE-2020-28052", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rddd2237b8636a48d573869006ee809262525efb2b6ffa6eff50d2a2d@%3Cjira.kafka.apache.org%3E"}, {"name": "[druid-commits] 20210107 [GitHub] [druid] clintropolis merged pull request #10733: Update deps for CVE-2020-28168 and CVE-2020-28052", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r25d53acd06f29244b8a103781b0339c5e7efee9099a4d52f0c230e4a@%3Ccommits.druid.apache.org%3E"}, {"name": "[pulsar-commits] 20210119 [GitHub] [pulsar] fmiguelez opened a new issue #9235: Upgrade Bounce Castle dependency on client to solve CVE-2020-28052", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r175f5a25d100dbe2b1bd3459b3ce882a84c3ff91b120ed4ff2d57b53@%3Ccommits.pulsar.apache.org%3E"}, {"name": "[druid-commits] 20210127 [druid] 01/02: Update deps for CVE-2020-28168 and CVE-2020-28052 (#10733)", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rdfd2901b8b697a3f6e2c9c6ecc688fd90d7f881937affb5144d61d6e@%3Ccommits.druid.apache.org%3E"}, {"name": "[pulsar-commits] 20210406 [GitHub] [pulsar] lhotari commented on issue #9235: Upgrade Bounce Castle dependency on client to solve CVE-2020-28052", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r37d332c0bf772f4982d1fdeeb2f88dd71dab6451213e69e43734eadc@%3Ccommits.pulsar.apache.org%3E"}, {"name": "[solr-issues] 20210525 [jira] [Created] (SOLR-15431) Security vulnerability with Bouncy Castle library within Apache Solr 8.8.2", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e@%3Cissues.solr.apache.org%3E"}, {"name": "https://www.oracle.com/security-alerts/cpuApr2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"name": "https://github.com/bcgit/bc-java/wiki/CVE-2020-28052", "refsource": "MISC", "url": "https://github.com/bcgit/bc-java/wiki/CVE-2020-28052"}, {"name": "https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle/", "refsource": "MISC", "url": "https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle/"}, {"name": "https://www.oracle.com//security-alerts/cpujul2021.html", "refsource": "MISC", "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"name": "[karaf-issues] 20210810 [jira] [Created] (KARAF-7240) Upgrade bcprov artifacts to mitigate CVE-2020-28052", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rdcbad6d8ce72c79827ed8c635f9a62dd919bb21c94a0b64cab2efc31@%3Cissues.karaf.apache.org%3E"}, {"name": "[karaf-issues] 20210810 [jira] [Updated] (KARAF-7240) Upgrade bcprov artifacts to mitigate CVE-2020-28052", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rfc0db1f3c375087e69a239f9284ded72d04fbb55849eadde58fa9dc2@%3Cissues.karaf.apache.org%3E"}, {"name": "[karaf-issues] 20210810 [jira] [Commented] (KARAF-7240) Upgrade bcprov artifacts to mitigate CVE-2020-28052", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r77af3ac7c3bfbd5454546e13faf7aec21d627bdcf36c9ca240436b94@%3Cissues.karaf.apache.org%3E"}, {"name": "[karaf-issues] 20210816 [jira] [Updated] (KARAF-7240) Upgrade bcprov artifacts to mitigate CVE-2020-28052", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rcd37d9214b08067a2e8f2b5b4fd123a1f8cb6008698d11ef44028c21@%3Cissues.karaf.apache.org%3E"}, {"name": "[karaf-issues] 20210816 [jira] [Updated] (KARAF-7240) Upgrade bcprov 1.69 artifacts to mitigate CVE-2020-28052", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r167dbc42ef7c59802c2ca1ac14735ef9cf687c25208229993d6206fe@%3Cissues.karaf.apache.org%3E"}, {"name": "[karaf-issues] 20210817 [jira] [Commented] (KARAF-7240) Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r4e1619cfefcd031fac62064a3858f5c9229eef907bd5d8ef14c594fc@%3Cissues.karaf.apache.org%3E"}, {"name": "[karaf-issues] 20210817 [jira] [Updated] (KARAF-7240) Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r2ddabd06d94b60cfb0141e4abb23201c628ab925e30742f61a04d013@%3Cissues.karaf.apache.org%3E"}, {"name": "[karaf-issues] 20210820 [jira] [Updated] (KARAF-7240) Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r30a139c165b3da6e0d5536434ab1550534011b1fdfcd2f5d95892c5b@%3Cissues.karaf.apache.org%3E"}, {"name": "[karaf-issues] 20210824 [jira] [Commented] (KARAF-7240) Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf9abfc0223747a56694825c050cc6b66627a293a32ea926b3de22402@%3Cissues.karaf.apache.org%3E"}, {"name": "[karaf-issues] 20210824 [jira] [Resolved] (KARAF-7240) Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rc9e441c1576bdc4375d32526d5cf457226928e9c87b9f54ded26271c@%3Cissues.karaf.apache.org%3E"}, {"name": "https://www.oracle.com/security-alerts/cpuoct2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}, {"name": "https://www.oracle.com/security-alerts/cpujan2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"name": "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T16:33:56.942Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.bouncycastle.org/releasenotes.html"}, {"name": "[druid-commits] 20210107 [GitHub] [druid] jon-wei opened a new pull request #10733: Update deps for CVE-2020-28168 and CVE-2020-28052", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r954d80fd18e9dafef6e813963eb7e08c228151c2b6268ecd63b35d1f%40%3Ccommits.druid.apache.org%3E"}, {"name": "[kafka-jira] 20210107 [GitHub] [kafka] cyrusv opened a new pull request #9845: MINOR: Bump Bouncy Castle Dep to resolve CVE-2020-28052", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rddd2237b8636a48d573869006ee809262525efb2b6ffa6eff50d2a2d%40%3Cjira.kafka.apache.org%3E"}, {"name": "[druid-commits] 20210107 [GitHub] [druid] clintropolis merged pull request #10733: Update deps for CVE-2020-28168 and CVE-2020-28052", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r25d53acd06f29244b8a103781b0339c5e7efee9099a4d52f0c230e4a%40%3Ccommits.druid.apache.org%3E"}, {"name": "[pulsar-commits] 20210119 [GitHub] [pulsar] fmiguelez opened a new issue #9235: Upgrade Bounce Castle dependency on client to solve CVE-2020-28052", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r175f5a25d100dbe2b1bd3459b3ce882a84c3ff91b120ed4ff2d57b53%40%3Ccommits.pulsar.apache.org%3E"}, {"name": "[druid-commits] 20210127 [druid] 01/02: Update deps for CVE-2020-28168 and CVE-2020-28052 (#10733)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rdfd2901b8b697a3f6e2c9c6ecc688fd90d7f881937affb5144d61d6e%40%3Ccommits.druid.apache.org%3E"}, {"name": "[pulsar-commits] 20210406 [GitHub] [pulsar] lhotari commented on issue #9235: Upgrade Bounce Castle dependency on client to solve CVE-2020-28052", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r37d332c0bf772f4982d1fdeeb2f88dd71dab6451213e69e43734eadc%40%3Ccommits.pulsar.apache.org%3E"}, {"name": "[solr-issues] 20210525 [jira] [Created] (SOLR-15431) Security vulnerability with Bouncy Castle library within Apache Solr 8.8.2", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e%40%3Cissues.solr.apache.org%3E"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/bcgit/bc-java/wiki/CVE-2020-28052"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"name": "[karaf-issues] 20210810 [jira] [Created] (KARAF-7240) Upgrade bcprov artifacts to mitigate CVE-2020-28052", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rdcbad6d8ce72c79827ed8c635f9a62dd919bb21c94a0b64cab2efc31%40%3Cissues.karaf.apache.org%3E"}, {"name": "[karaf-issues] 20210810 [jira] [Updated] (KARAF-7240) Upgrade bcprov artifacts to mitigate CVE-2020-28052", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rfc0db1f3c375087e69a239f9284ded72d04fbb55849eadde58fa9dc2%40%3Cissues.karaf.apache.org%3E"}, {"name": "[karaf-issues] 20210810 [jira] [Commented] (KARAF-7240) Upgrade bcprov artifacts to mitigate CVE-2020-28052", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r77af3ac7c3bfbd5454546e13faf7aec21d627bdcf36c9ca240436b94%40%3Cissues.karaf.apache.org%3E"}, {"name": "[karaf-issues] 20210816 [jira] [Updated] (KARAF-7240) Upgrade bcprov artifacts to mitigate CVE-2020-28052", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rcd37d9214b08067a2e8f2b5b4fd123a1f8cb6008698d11ef44028c21%40%3Cissues.karaf.apache.org%3E"}, {"name": "[karaf-issues] 20210816 [jira] [Updated] (KARAF-7240) Upgrade bcprov 1.69 artifacts to mitigate CVE-2020-28052", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r167dbc42ef7c59802c2ca1ac14735ef9cf687c25208229993d6206fe%40%3Cissues.karaf.apache.org%3E"}, {"name": "[karaf-issues] 20210817 [jira] [Commented] (KARAF-7240) Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r4e1619cfefcd031fac62064a3858f5c9229eef907bd5d8ef14c594fc%40%3Cissues.karaf.apache.org%3E"}, {"name": "[karaf-issues] 20210817 [jira] [Updated] (KARAF-7240) Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r2ddabd06d94b60cfb0141e4abb23201c628ab925e30742f61a04d013%40%3Cissues.karaf.apache.org%3E"}, {"name": "[karaf-issues] 20210820 [jira] [Updated] (KARAF-7240) Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r30a139c165b3da6e0d5536434ab1550534011b1fdfcd2f5d95892c5b%40%3Cissues.karaf.apache.org%3E"}, {"name": "[karaf-issues] 20210824 [jira] [Commented] (KARAF-7240) Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rf9abfc0223747a56694825c050cc6b66627a293a32ea926b3de22402%40%3Cissues.karaf.apache.org%3E"}, {"name": "[karaf-issues] 20210824 [jira] [Resolved] (KARAF-7240) Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rc9e441c1576bdc4375d32526d5cf457226928e9c87b9f54ded26271c%40%3Cissues.karaf.apache.org%3E"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-28052", "datePublished": "2020-12-18T00:52:48", "dateReserved": "2020-11-02T00:00:00", "dateUpdated": "2024-08-04T16:33:56.942Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.65:*:*:*:*:*:*:*", "matchCriteriaId": "2376544D-C966-4800-B6B6-B50E5EEAB485", "vulnerable": true}, {"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.66:*:*:*:*:*:*:*", "matchCriteriaId": "53F165CD-778A-4EC6-B6EF-530988A13730", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:karaf:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "39A638A5-E448-4516-A916-7D6E79168D1A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "0CF9A061-2421-426D-9854-0A4E55B2961D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "F95EDC3D-54BB-48F9-82F2-7CCF335FCA78", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "B72B735F-4E52-484A-9C2C-23E6E2070385", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8B36A1D4-F391-4EE3-9A65-0A10568795BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "55116032-AAD1-4FEA-9DA8-2C4CBD3D3F61", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "0275F820-40BE-47B8-B167-815A55DF578E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C8E145E-1DF0-4B18-B625-F04DF71F6ACF", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "EABAFD73-150F-4DFE-B721-29EB4475D979", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8A45D47B-3401-49CF-92EE-79D007D802A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "6A8420D4-AAF1-44AA-BF28-48EE3ED310B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "2FB80AC5-35F2-4703-AD93-416B46972EEB", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "19DAAEFF-AB4A-4D0D-8C86-D2F2811B53B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "D1534C11-E3F5-49F3-8F8D-7C5C90951E69", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D952E04D-DE2D-4AE0-BFE6-7D9B7E55AC80", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "1111BCFD-E336-4B31-A87E-76C684AC6DE4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0DBC938-A782-433F-8BF1-CA250C332AA7", "versionEndExcluding": "21.1.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "2A3622F5-5976-4BBC-A147-FC8A6431EA79", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_application_session_controller:3.9m0p3:*:*:*:*:*:*:*", "matchCriteriaId": "441FD998-ABE6-4377-AAFA-FEAE42352FE8", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "ADE6EF8F-1F05-429B-A916-76FDB20CEB81", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_convergence:3.0.2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "7DF939F5-C0E1-40A4-95A2-0CE7A03AB4EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D7B49D71-6A31-497A-B6A9-06E84F086E7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B7C949D-0AB3-4566-9096-014C82FC1CF1", "versionEndIncluding": "8.2.4.0", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "C0BDC1A4-FA97-4BF9-93B8-BA3E5775C475", "versionEndIncluding": "8.2.4", "versionStartIncluding": "8.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E561CFF-BB8A-4CFD-916D-4410A9265922", "versionEndIncluding": "9.2.5.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", "matchCriteriaId": "D0A735B4-4F3C-416B-8C08-9CB21BAD2889", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", "matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", "matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:utilities_framework:4.3.0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "8DF02546-3F0D-4FDD-89B1-8A3FE43FB5BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3F906F04-39E4-4BE4-8A73-9D058AAADB43", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "7B393A82-476A-4270-A903-38ED4169E431", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "85CAE52B-C2CA-4C6B-A0B7-2B9D6F0499E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "D7756147-7168-4E03-93EE-31379F6BE88E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D6A4F71A-4269-40FC-8F61-1D1301F2B728", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A502118-5B2B-47AE-82EC-1999BD841103", "vulnerable": true}, {"criteria": "cpe:2.3:o:oracle:communications_messaging_server:8.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E819270D-AA7D-4B0E-990B-D25AB6E46FBC", "vulnerable": true}, {"criteria": "cpe:2.3:o:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "7569C0BD-16C1-441E-BAEB-840C94BE73EF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Legion of the Bouncy Castle BC Java versiones 1.65 y 1.66. El m\u00e9todo de la utilidad OpenBSDBCrypt.checkPassword compar\u00f3 datos incorrectos al comprobar la contrase\u00f1a, permitiendo a unas contrase\u00f1as incorrectas indicar que coinciden con otras previamente en hash que eran diferentes"}], "id": "CVE-2020-28052", "lastModified": "2024-11-21T05:22:17.200", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-12-18T01:15:12.587", "references": [{"source": "cve@mitre.org", "tags": ["Mitigation", "Patch", "Third Party Advisory"], "url": "https://github.com/bcgit/bc-java/wiki/CVE-2020-28052"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/r167dbc42ef7c59802c2ca1ac14735ef9cf687c25208229993d6206fe%40%3Cissues.karaf.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/r175f5a25d100dbe2b1bd3459b3ce882a84c3ff91b120ed4ff2d57b53%40%3Ccommits.pulsar.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/r25d53acd06f29244b8a103781b0339c5e7efee9099a4d52f0c230e4a%40%3Ccommits.druid.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/r2ddabd06d94b60cfb0141e4abb23201c628ab925e30742f61a04d013%40%3Cissues.karaf.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/r30a139c165b3da6e0d5536434ab1550534011b1fdfcd2f5d95892c5b%40%3Cissues.karaf.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/r37d332c0bf772f4982d1fdeeb2f88dd71dab6451213e69e43734eadc%40%3Ccommits.pulsar.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/r4e1619cfefcd031fac62064a3858f5c9229eef907bd5d8ef14c594fc%40%3Cissues.karaf.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/r77af3ac7c3bfbd5454546e13faf7aec21d627bdcf36c9ca240436b94%40%3Cissues.karaf.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e%40%3Cissues.solr.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/r954d80fd18e9dafef6e813963eb7e08c228151c2b6268ecd63b35d1f%40%3Ccommits.druid.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/rc9e441c1576bdc4375d32526d5cf457226928e9c87b9f54ded26271c%40%3Cissues.karaf.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/rcd37d9214b08067a2e8f2b5b4fd123a1f8cb6008698d11ef44028c21%40%3Cissues.karaf.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/rdcbad6d8ce72c79827ed8c635f9a62dd919bb21c94a0b64cab2efc31%40%3Cissues.karaf.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/rddd2237b8636a48d573869006ee809262525efb2b6ffa6eff50d2a2d%40%3Cjira.kafka.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/rdfd2901b8b697a3f6e2c9c6ecc688fd90d7f881937affb5144d61d6e%40%3Ccommits.druid.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/rf9abfc0223747a56694825c050cc6b66627a293a32ea926b3de22402%40%3Cissues.karaf.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/rfc0db1f3c375087e69a239f9284ded72d04fbb55849eadde58fa9dc2%40%3Cissues.karaf.apache.org%3E"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://www.bouncycastle.org/releasenotes.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Patch", "Third Party Advisory"], "url": "https://github.com/bcgit/bc-java/wiki/CVE-2020-28052"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r167dbc42ef7c59802c2ca1ac14735ef9cf687c25208229993d6206fe%40%3Cissues.karaf.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r175f5a25d100dbe2b1bd3459b3ce882a84c3ff91b120ed4ff2d57b53%40%3Ccommits.pulsar.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r25d53acd06f29244b8a103781b0339c5e7efee9099a4d52f0c230e4a%40%3Ccommits.druid.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r2ddabd06d94b60cfb0141e4abb23201c628ab925e30742f61a04d013%40%3Cissues.karaf.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r30a139c165b3da6e0d5536434ab1550534011b1fdfcd2f5d95892c5b%40%3Cissues.karaf.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r37d332c0bf772f4982d1fdeeb2f88dd71dab6451213e69e43734eadc%40%3Ccommits.pulsar.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r4e1619cfefcd031fac62064a3858f5c9229eef907bd5d8ef14c594fc%40%3Cissues.karaf.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r77af3ac7c3bfbd5454546e13faf7aec21d627bdcf36c9ca240436b94%40%3Cissues.karaf.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e%40%3Cissues.solr.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r954d80fd18e9dafef6e813963eb7e08c228151c2b6268ecd63b35d1f%40%3Ccommits.druid.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rc9e441c1576bdc4375d32526d5cf457226928e9c87b9f54ded26271c%40%3Cissues.karaf.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rcd37d9214b08067a2e8f2b5b4fd123a1f8cb6008698d11ef44028c21%40%3Cissues.karaf.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rdcbad6d8ce72c79827ed8c635f9a62dd919bb21c94a0b64cab2efc31%40%3Cissues.karaf.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rddd2237b8636a48d573869006ee809262525efb2b6ffa6eff50d2a2d%40%3Cjira.kafka.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rdfd2901b8b697a3f6e2c9c6ecc688fd90d7f881937affb5144d61d6e%40%3Ccommits.druid.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rf9abfc0223747a56694825c050cc6b66627a293a32ea926b3de22402%40%3Cissues.karaf.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rfc0db1f3c375087e69a239f9284ded72d04fbb55849eadde58fa9dc2%40%3Cissues.karaf.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://www.bouncycastle.org/releasenotes.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2021:2755", "cpe": "cpe:/a:redhat:jbosseapxp", "impact": "moderate", "package": "bouncycastle", "product_name": "Red Hat EAP-XP 2.0.0 via EAP 7.3.x base", "release_date": "2021-07-15T00:00:00Z"}, {"advisory": "RHSA-2021:2210", "cpe": "cpe:/a:redhat:jbosseapxp", "impact": "moderate", "package": "bouncycastle", "product_name": "Red Hat EAP-XP via EAP 7.3.x base", "release_date": "2021-06-02T00:00:00Z"}, {"advisory": "RHSA-2021:1401", "cpe": "cpe:/a:redhat:jboss_fuse:7", "impact": "moderate", "package": "karaf", "product_name": "Red Hat Fuse 7.8.1", "release_date": "2021-04-27T00:00:00Z"}, {"advisory": "RHSA-2021:1401", "cpe": "cpe:/a:redhat:jboss_fuse:7", "impact": "moderate", "package": "spring-boot-2", "product_name": "Red Hat Fuse 7.8.1", "release_date": "2021-04-27T00:00:00Z"}, {"advisory": "RHSA-2021:3140", "cpe": "cpe:/a:redhat:jboss_fuse:7", "impact": "moderate", "package": "bouncycastle", "product_name": "Red Hat Fuse 7.9", "release_date": "2021-08-11T00:00:00Z"}, {"advisory": "RHSA-2021:3205", "cpe": "cpe:/a:redhat:integration:1", "impact": "moderate", "package": "bouncycastle", "product_name": "Red Hat Integration", "release_date": "2021-08-18T00:00:00Z"}, {"advisory": "RHSA-2021:4767", "cpe": "cpe:/a:redhat:camel_quarkus:2.2", "impact": "moderate", "package": "bouncycastle", "product_name": "Red Hat Integration Camel Quarkus 2", "release_date": "2021-11-23T00:00:00Z"}, {"advisory": "RHSA-2021:0885", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3", "impact": "moderate", "package": "bouncycastle", "product_name": "Red Hat JBoss Enterprise Application Platform 7", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2024:10208", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "package": "eap7-bouncycastle-0:1.68.0-1.redhat_00005.1.ep7.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7", "release_date": "2024-11-25T00:00:00Z"}, {"advisory": "RHSA-2021:0872", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "impact": "moderate", "package": "eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0872", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "impact": "moderate", "package": "eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0872", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "impact": "moderate", "package": "eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0872", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "impact": "moderate", "package": "eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0872", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "impact": "moderate", "package": "eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0872", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "impact": "moderate", "package": "eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0872", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "impact": "moderate", "package": "eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0872", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "impact": "moderate", "package": "eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0872", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "impact": "moderate", "package": "eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0872", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "impact": "moderate", "package": "eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0872", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "impact": "moderate", "package": "eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0872", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "impact": "moderate", "package": "eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0872", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "impact": "moderate", "package": "eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0872", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "impact": "moderate", "package": "eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0872", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "impact": "moderate", "package": "eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0872", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "impact": "moderate", "package": "eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0873", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "impact": "moderate", "package": "eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0873", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "impact": "moderate", "package": "eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0873", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "impact": "moderate", "package": "eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0873", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "impact": "moderate", "package": "eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0873", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "impact": "moderate", "package": "eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0873", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "impact": "moderate", "package": "eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0873", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "impact": "moderate", "package": "eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0873", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "impact": "moderate", "package": "eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0873", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "impact": "moderate", "package": "eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0873", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "impact": "moderate", "package": "eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0873", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "impact": "moderate", "package": "eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0873", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "impact": "moderate", "package": "eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0873", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "impact": "moderate", "package": "eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0873", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "impact": "moderate", "package": "eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0873", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "impact": "moderate", "package": "eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0873", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "impact": "moderate", "package": "eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0874", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "impact": "moderate", "package": "eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0874", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "impact": "moderate", "package": "eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0874", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "impact": "moderate", "package": "eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0874", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "impact": "moderate", "package": "eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0874", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "impact": "moderate", "package": "eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0874", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "impact": "moderate", "package": "eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0874", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "impact": "moderate", "package": "eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0874", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "impact": "moderate", "package": "eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0874", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "impact": "moderate", "package": "eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0874", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "impact": "moderate", "package": "eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0874", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "impact": "moderate", "package": "eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0874", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "impact": "moderate", "package": "eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0874", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "impact": "moderate", "package": "eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0874", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "impact": "moderate", "package": "eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0874", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "impact": "moderate", "package": "eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0874", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "impact": "moderate", "package": "eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0974", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "impact": "moderate", "package": "bouncycastle", "product_name": "Red Hat Single Sign-On 7.4.6", "release_date": "2021-03-23T00:00:00Z"}], "bugzilla": {"description": "bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible", "id": "1912881", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912881"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-287", "details": ["An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.", "A flaw was found in bouncycastle. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password allowing incorrect passwords to indicate they were matching with previously hashed ones that were different. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."], "mitigation": {"lang": "en:us", "value": "Users unable to upgrade to version 1.67 or greater can copy the `OpenBSDBCrypt.doCheckPassword()` method implementation (https://github.com/bcgit/bc-java/blob/r1rv67/core/src/main/java/org/bouncycastle/crypto/generators/OpenBSDBCrypt.java#L259-L343) into their own utility class and supplement it with the required methods and variables as required"}, "name": "CVE-2020-28052", "package_state": [{"cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0", "fix_state": "Not affected", "package_name": "bouncycastle", "product_name": "Red Hat build of Quarkus"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "fix_state": "Not affected", "package_name": "bouncycastle", "product_name": "Red Hat Decision Manager 7"}, {"cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0", "fix_state": "Not affected", "package_name": "bouncycastle", "product_name": "Red Hat OpenShift Application Runtimes"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Not affected", "package_name": "bouncycastle", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0", "fix_state": "Not affected", "package_name": "bouncycastle", "product_name": "Red Hat support for Spring Boot"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Not affected", "package_name": "bouncycastle", "product_name": "Red Hat Virtualization 4"}], "public_date": "2020-12-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-28052\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-28052"], "threat_severity": "Important"}

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object