What is CVE-2020-27868?

CVE-2020-27868 is a critical-severity vulnerability in Qognify Ocularis, classified under Deserialization of Untrusted Data. CVSS score: 9.8/10. Published 2021-02-11.

How severe is CVE-2020-27868?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Deserialization in Qognify Ocularis

CVE-2020-27868

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Qognify Ocularis 5.9.0.395. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of ser…

Vulnerability class: Insecure Deserialization

EPSS: 0.687 (98.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Qognify Ocularis — versions 5.9.0.395

Weakness classification (CWE)

CWE-502 — Deserialization of Untrusted Data

References

www.zerodayinitiative.com/advisories/ZDI-20-1453/ (x_refsource_MISC)
www.qognify.com/support-training/software-downloads/ (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-27868?: CVE-2020-27868 is a critical-severity vulnerability in Qognify Ocularis, classified under Deserialization of Untrusted Data. CVSS score: 9.8/10. Published 2021-02-11.
How severe is CVE-2020-27868?: Critical severity. CVSS v3 base score is 9.8 out of 10.