| Vulnerability Name: | CVE-2020-8908 (CCN-192996) | ||||||||||||||||
| Assigned: | 2020-08-27 | ||||||||||||||||
| Published: | 2020-08-27 | ||||||||||||||||
| Updated: | 2023-08-02 | ||||||||||||||||
| Summary: | |||||||||||||||||
| CVSS v3 Severity: | 3.3 Low (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) 2.9 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
4.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C)
| ||||||||||||||||
| CVSS v2 Severity: | 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||||||||||
| Vulnerability Consequences: | Bypass Security | ||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2020-8908 Source: XF Type: UNKNOWN guava-cve20208908-sec-bypass(192996) Source: CCN Type: guava GIT Repository Deprecate Files.createTempDir(), noting that better alternatives exist for Android as well as for users running Java 7 or later. Source: cve-coordination@google.com Type: Patch, Third Party Advisory cve-coordination@google.com Source: cve-coordination@google.com Type: Issue Tracking, Patch, Third Party Advisory cve-coordination@google.com Source: cve-coordination@google.com Type: Third Party Advisory cve-coordination@google.com Source: cve-coordination@google.com Type: Third Party Advisory cve-coordination@google.com Source: cve-coordination@google.com Type: Third Party Advisory cve-coordination@google.com Source: cve-coordination@google.com Type: Third Party Advisory cve-coordination@google.com Source: cve-coordination@google.com Type: Third Party Advisory cve-coordination@google.com Source: cve-coordination@google.com Type: Third Party Advisory cve-coordination@google.com Source: cve-coordination@google.com Type: Third Party Advisory cve-coordination@google.com Source: cve-coordination@google.com Type: Third Party Advisory cve-coordination@google.com Source: cve-coordination@google.com Type: Third Party Advisory cve-coordination@google.com Source: cve-coordination@google.com Type: Third Party Advisory cve-coordination@google.com Source: cve-coordination@google.com Type: Third Party Advisory cve-coordination@google.com Source: cve-coordination@google.com Type: Third Party Advisory cve-coordination@google.com Source: cve-coordination@google.com Type: Third Party Advisory cve-coordination@google.com Source: cve-coordination@google.com Type: Third Party Advisory cve-coordination@google.com Source: cve-coordination@google.com Type: Third Party Advisory cve-coordination@google.com Source: cve-coordination@google.com Type: Third Party Advisory cve-coordination@google.com Source: cve-coordination@google.com Type: Third Party Advisory cve-coordination@google.com Source: cve-coordination@google.com Type: Third Party Advisory cve-coordination@google.com Source: cve-coordination@google.com Type: Third Party Advisory cve-coordination@google.com Source: cve-coordination@google.com Type: Third Party Advisory cve-coordination@google.com Source: cve-coordination@google.com Type: Third Party Advisory cve-coordination@google.com Source: cve-coordination@google.com Type: Third Party Advisory cve-coordination@google.com Source: cve-coordination@google.com Type: Third Party Advisory cve-coordination@google.com Source: cve-coordination@google.com Type: Third Party Advisory cve-coordination@google.com Source: cve-coordination@google.com Type: Third Party Advisory cve-coordination@google.com Source: cve-coordination@google.com Type: Third Party Advisory cve-coordination@google.com Source: cve-coordination@google.com Type: Third Party Advisory cve-coordination@google.com Source: cve-coordination@google.com Type: Third Party Advisory cve-coordination@google.com Source: cve-coordination@google.com Type: Third Party Advisory cve-coordination@google.com Source: cve-coordination@google.com Type: Third Party Advisory cve-coordination@google.com Source: cve-coordination@google.com Type: Third Party Advisory cve-coordination@google.com Source: cve-coordination@google.com Type: Third Party Advisory cve-coordination@google.com Source: cve-coordination@google.com Type: Third Party Advisory cve-coordination@google.com Source: cve-coordination@google.com Type: Third Party Advisory cve-coordination@google.com Source: cve-coordination@google.com Type: Third Party Advisory cve-coordination@google.com Source: cve-coordination@google.com Type: Exploit, Patch, Third Party Advisory cve-coordination@google.com Source: CCN Type: IBM Security Bulletin 6416147 (Watson Discovery) IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Google Guava Source: CCN Type: IBM Security Bulletin 6453453 (Control Center) Guava Google Core Libraries Vulnerability Affects IBM Control Center (CVE-2020-8908) Source: CCN Type: IBM Security Bulletin 6474843 (QRadar SIEM) IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities Source: CCN Type: IBM Security Bulletin 6479907 (Disconnected Log Collector) IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities Source: CCN Type: IBM Security Bulletin 6493267 (Business Automation Workflow) Multiple vulnerabilities may affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) offline documentation Source: CCN Type: IBM Security Bulletin 6505281 (Cloud Pak for Security) IBM Security Risk Manager on CP4S is affected by multiple vulnerabilities Source: CCN Type: IBM Security Bulletin 6508583 (Rational DOORS Next Generation) Multiple vulnerabilites affect Engineering Lifecycle Management and IBM Engineering products. Source: CCN Type: IBM Security Bulletin 6524700 (Planning Analytics Workspace) IBM Planning Analytics Workspace is affected by security vulnerabilities Source: CCN Type: IBM Security Bulletin 6551876 (Cloud Pak for Security) Cloud Pak for Security uses packages that are vulnerable to multiple CVEs Source: CCN Type: IBM Security Bulletin 6570915 (Data Risk Manager) IBM Data Risk Manager is affected by multiple vulnerabilities including a remote code execution in Spring Framework (CVE-2022-22965) Source: CCN Type: IBM Security Bulletin 6572765 (Security Guardium) IBM Security Guardium is affected by multiple vulnerabilities (CVE-2018-10237, CVE-2020-8908) Source: CCN Type: IBM Security Bulletin 6575479 (Watson Speech Services Cartridge for Cloud Pak for Data) A vulnerability with Guava affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2020-8908) Source: CCN Type: IBM Security Bulletin 6595755 (Disconnected Log Collector) IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities Source: CCN Type: IBM Security Bulletin 6598765 (Cloud Transformation Advisor) IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities Source: CCN Type: IBM Security Bulletin 6602625 (i Modernization Engine for Lifecycle Integration) IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities Source: CCN Type: IBM Security Bulletin 6606205 (Tivoli Netcool Manager) There are multiple security vulnerabilities in Apache Storm used by IBM Tivoli Netcool Manager. Source: CCN Type: IBM Security Bulletin 6836819 (Log Analysis) Vulnerability in Guava API affect IBM Operations Analytics - Log Analysis (CVE-2020-8908) Source: cve-coordination@google.com Type: Patch, Third Party Advisory cve-coordination@google.com Source: CCN Type: Oracle Critical Patch Update Advisory - April 2021 Oracle Critical Patch Update Advisory - April 2021 Source: cve-coordination@google.com Type: Patch, Third Party Advisory cve-coordination@google.com Source: CCN Type: Oracle CPUApr2022 Oracle Critical Patch Update Advisory - April 2022 Source: cve-coordination@google.com Type: Patch, Third Party Advisory cve-coordination@google.com Source: CCN Type: Oracle CPUJan2022 Oracle Critical Patch Update Advisory - January 2022 Source: cve-coordination@google.com Type: Third Party Advisory cve-coordination@google.com Source: CCN Type: Oracle CPUJul2021 Oracle Critical Patch Update Advisory - July 2021 Source: CCN Type: Oracle CPUOct2021 Oracle Critical Patch Update Advisory - October 2021 Source: cve-coordination@google.com Type: Patch, Third Party Advisory cve-coordination@google.com | ||||||||||||||||
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||||||
| Oval Definitions | |||||||||||||||||
| |||||||||||||||||
| BACK | |||||||||||||||||