Vulnerability CVE-2020-15803

Vulnerability Name:

CVE-2020-15803 (CCN-185465)

Assigned:

2020-05-27

Published:

2020-05-27

Updated:

2023-04-12

Summary:

CVSS v3 Severity:

6.1 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
5.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

6.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
5.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

5.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2020-15803

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: XF
Type: UNKNOWN
zabbix-cve202015803-xss(185465)

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: UNKNOWN
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: CCN
Type: ZBX-18057
Stored Cross Site Scripting attack on URL widget (CVE-2020-15803)

Source: cve@mitre.org
Type: Patch, Vendor Advisory
cve@mitre.org

Source: CCN
Type: Zabbix Web site
Zabbix

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:202015803	V	CVE-2020-15803	2022-09-02
oval:org.opensuse.security:def:113623	P	zabbix-agent-4.0.32-1.4 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:24048	P	Security update for MozillaFirefox (Important) (in QA)	2022-01-14
oval:org.opensuse.security:def:64643	P	Security update for kernel-firmware (Low)	2021-12-30
oval:org.opensuse.security:def:24012	P	Security update for chrony (Moderate)	2021-12-22
oval:org.opensuse.security:def:24000	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:61100	P	Security update for the Linux Kernel (Important)	2021-11-19
oval:org.opensuse.security:def:107005	P	zabbix-agent-4.0.32-1.4 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:61537	P	liblzo2-2-2.10-2.22 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:23670	P	Security update for openssl (Low)	2021-09-20
oval:org.opensuse.security:def:64751	P	Security update for libvirt (Moderate)	2021-08-23
oval:org.opensuse.security:def:46886	P	ant-1.9.4-1.31 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47757	P	libopus0-1.1-3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47704	P	libexempi3-2.2.1-5.7.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47066	P	libproxy1-0.4.13-16.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:46997	P	libXrandr2-1.5.0-6.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:46966	P	hardlink-1.0-6.38 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:46903	P	bzip2-1.0.6-29.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:63128	P	python-azure-agent-2.2.49.2-3.20.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63100	P	postgresql10-10.16-8.29.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63096	P	libopenssl-1_0_0-devel-1.0.2p-3.37.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63499	P	libvorbis0-32bit-1.3.6-4.3.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63361	P	openssh-fips-8.4p1-1.30 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:62786	P	libgxps-devel-0.3.0-4.3.29 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62836	P	wavpack-5.4.0-4.9.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62737	P	emacs-x11-25.3-3.6.51 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62060	P	dbus-1-glib-0.108-1.29 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:64548	P	Security update for curl (Moderate)	2021-07-21
oval:org.opensuse.security:def:23624	P	Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important)	2021-07-21
oval:org.opensuse.security:def:61077	P	Security update for caribou (Important)	2021-06-10
oval:org.opensuse.security:def:62880	P	xorg-x11-server-sdk-1.19.6-6.19 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:62869	P	perl-Archive-Extract-0.80-1.24 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46842	P	shim-0.9-2.14 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46760	P	libpoppler-glib8-0.24.4-3.14 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46549	P	pcsc-ccid-1.4.14-1.42 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46407	P	docker-1.2.0-3.12 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46835	P	rpcbind-0.2.1_rc4-16.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:61266	P	libpcre2-16-0-10.31-1.14 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:63103	P	kernel-default-livepatch-4.12.14-23.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:64507	P	Security update for hivex (Moderate)	2021-05-26
oval:org.opensuse.security:def:23554	P	Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important)	2021-04-28
oval:org.opensuse.security:def:45072	P	Security update for openldap2 (Important)	2021-04-16
oval:org.opensuse.security:def:23735	P	Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) (Important)	2021-02-10
oval:org.opensuse.security:def:64644	P	Security update for subversion (Important)	2021-02-10
oval:org.opensuse.security:def:23924	P	Security update for ImageMagick (Important)	2021-01-22
oval:org.opensuse.security:def:61078	P	Security update for ImageMagick (Important)	2021-01-22
oval:org.opensuse.security:def:45071	P	Security update for openldap2 (Moderate)	2021-01-14
oval:org.opensuse.security:def:23877	P	Security update for cyrus-sasl (Important)	2020-12-28
oval:org.opensuse.security:def:62703	P	libthai0-32bit-0.1.27-1.16 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62699	P	libsrt1-1.3.4-1.45 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62607	P	vino-3.22.0-3.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63599	P	pidgin-plugin-otr-4.0.2-1.61 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63306	P	subversion-server-1.10.6-3.6.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62679	P	liblouis-data-3.11.0-1.42 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62506	P	avahi-autoipd-0.7-1.21 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62378	P	docker-runc-1.0.0rc8+gitr3917_3e425f80a8c9-6.35.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:61855	P	libopenssl-devel-1.1.1d-1.46 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62680	P	libmad-devel-0.15.1b-3.16 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:61728	P	dhcp-4.3.5-6.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63159	P	libfpm_pb0-1.1.1-2.29 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:45706	P	Security update for python (Important)	2020-12-01
oval:org.opensuse.security:def:45577	P	Security update for libcroco (Moderate)	2020-12-01
oval:org.opensuse.security:def:45496	P	Security update for patch (Important)	2020-12-01
oval:org.opensuse.security:def:64292	P	libFS-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:45375	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:45193	P	Security update for wget (Important)	2020-12-01
oval:org.opensuse.security:def:45083	P	Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP2) (Important)	2020-12-01
oval:org.opensuse.security:def:64178	P	Security update for raptor (Important)	2020-12-01
oval:org.opensuse.security:def:63949	P	Security update for ucode-intel (Moderate)	2020-12-01
oval:org.opensuse.security:def:25589	P	Security update for zabbix (Moderate)	2020-12-01
oval:org.opensuse.security:def:24179	P	Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) (Important)	2020-12-01
oval:org.opensuse.security:def:63802	P	Security update for mariadb-100 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25555	P	Security update for mariadb-100 (Moderate)	2020-12-01
oval:org.opensuse.security:def:24917	P	Security update for jakarta-commons-fileupload (Important)	2020-12-01
oval:org.opensuse.security:def:24875	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:24861	P	Security update for python, python-base (Moderate)	2020-12-01
oval:org.opensuse.security:def:46319	P	Security update for webkit2gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:74614	P	Security update for zabbix (Moderate)	2020-12-01
oval:org.opensuse.security:def:46191	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:74488	P	Security update for opencv (Moderate)	2020-12-01
oval:org.opensuse.security:def:46003	P	Security update for java-1_7_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:45886	P	Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important)	2020-12-01
oval:org.opensuse.security:def:64436	P	perl-Mail-SpamAssassin on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:45874	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:64394	P	libtiff-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:46197	P	Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP3) (Important)	2020-12-01
oval:org.opensuse.security:def:23438	P	Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP3) (Important)	2020-12-01
oval:org.opensuse.security:def:46134	P	Security update for dbus-1 (Important)	2020-12-01
oval:org.opensuse.security:def:23385	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:46105	P	Security update for libproxy (Important)	2020-12-01
oval:org.opensuse.security:def:46048	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:75098	P	Security update for zabbix (Moderate)	2020-12-01
oval:org.opensuse.security:def:24776	P	Security update for graphviz (Low)	2020-12-01
oval:org.opensuse.security:def:74965	P	Security update for nasm (Moderate)	2020-12-01
oval:org.opensuse.security:def:24725	P	Security update for targetcli-fb (Moderate)	2020-12-01
oval:org.opensuse.security:def:65023	P	Security update for libjpeg-turbo (Moderate)	2020-12-01
oval:org.opensuse.security:def:24578	P	Security update for LibVNCServer (Critical)	2020-12-01
oval:org.opensuse.security:def:64911	P	Security update for ghostscript (Important)	2020-12-01
oval:org.opensuse.security:def:24500	P	Security update for rsyslog (Important)	2020-12-01
oval:org.opensuse.security:def:64853	P	Security update for polkit (Important)	2020-12-01
oval:org.opensuse.security:def:45873	P	Security update for glibc (Moderate)	2020-12-01
oval:org.opensuse.security:def:24447	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:24370	P	Security update for MozillaFirefox, MozillaFirefox-branding-SLE, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss (Important)	2020-12-01
oval:org.opensuse.security:def:64186	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:24248	P	Security update for ppp (Important)	2020-12-01
oval:org.opensuse.security:def:64052	P	Security update for libX11 (Important)	2020-12-01
oval:org.opensuse.security:def:24188	P	Security update for libsolv (Moderate)	2020-12-01
oval:org.opensuse.security:def:63725	P	Security update for elfutils (Low)	2020-12-01
oval:org.opensuse.security:def:24718	P	Security update for zabbix (Moderate)	2020-12-01
oval:org.opensuse.security:def:23377	P	Security update for sqlite3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:45990	P	Security update for samba (Important)	2020-12-01
oval:org.opensuse.security:def:24686	P	Security update for tomcat (Important)	2020-12-01
oval:org.opensuse.security:def:45912	P	Security update for bluez (Important)	2020-12-01
oval:org.opensuse.security:def:100242	P	(Important)	2020-11-12
oval:org.opensuse.security:def:96372	P	Security update for zabbix (Moderate)	2020-10-04
oval:org.opensuse.security:def:109719	P	Security update for zabbix (Moderate)	2020-10-04
oval:org.opensuse.security:def:110238	P	Security update for zabbix (Moderate)	2020-10-04
oval:org.opensuse.security:def:93529	P	Security update for zabbix (Moderate)	2020-10-04
oval:org.opensuse.security:def:103062	P	Security update for zabbix (Moderate)	2020-10-04
oval:org.opensuse.security:def:110793	P	Security update for zabbix (Moderate)	2020-10-04
oval:org.opensuse.security:def:87193	P	Security update for zabbix (Moderate)	2020-08-17

BACK