What is CVE-2020-15098?

CVE-2020-15098 is a high-severity vulnerability in Typo3 Cms, classified under Missing Cryptographic Step. CVSS score: 8.8/10. Published 2020-07-29.

How severe is CVE-2020-15098?

High severity. CVSS v3 base score is 8.8 out of 10.

Information disclosure in Typo3 Cms

CVE-2020-15098

In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This al…

EPSS: 0.024 (85.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Typo3 Cms — versions >= 9.0.0, < 9.5.20, >= 10.0.0, 10.4.6

Weakness classification (CWE)

References

github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-m5vr-3m74-jwxp (x_refsource_CONFIRM)
typo3.org/security/advisory/typo3-core-sa-2016-013 (x_refsource_MISC)
typo3.org/security/advisory/typo3-core-sa-2020-008 (x_refsource_MISC)
github.com/TYPO3/TYPO3.CMS/commit/85d3e70dff35a99ef53f4b561114acfa9e5c47e1 (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-15098?: CVE-2020-15098 is a high-severity vulnerability in Typo3 Cms, classified under Missing Cryptographic Step. CVSS score: 8.8/10. Published 2020-07-29.
How severe is CVE-2020-15098?: High severity. CVSS v3 base score is 8.8 out of 10.