What is CVE-2020-28052?

CVE-2020-28052 is a high-severity vulnerability in Apache Karaf. CVSS score: 8.1/10. Published 2020-12-18.

How severe is CVE-2020-28052?

High severity. CVSS v3 base score is 8.1 out of 10.

Is CVE-2020-28052 known to be exploited?

18 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apache Karaf

CVE-2020-28052

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching wi…

EPSS: 0.071 (93.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Apache Karaf — versions 4.3.2
Bouncycastle Bc-java — versions 1.65, 1.66
Oracle Banking_corporate_lending_process_management — versions 14.2.0, 14.3.0, 14.5.0
Oracle Banking_credit_facilities_process_management — versions 14.2.0, 14.3.0, 14.5.0
Oracle Banking_extensibility_workbench — versions 14.2.0, 14.3.0, 14.5.0
Oracle Banking_supply_chain_finance — versions 14.2.0, 14.3.0, 14.5.0
Oracle Banking_virtual_account_management — versions 14.2.0, 14.3.0, 14.5.0
Oracle Blockchain_platform
Oracle Commerce_guided_search — versions 11.3.2
Oracle Communications_application_session_controller — versions 3.9m0p3

Public proof-of-concept exploits

References

cve@mitre.org (x_refsource_MISC, Release Notes, Vendor Advisory)
cve@mitre.org (mailing-list, x_refsource_MLIST)
cve@mitre.org (mailing-list, x_refsource_MLIST)
cve@mitre.org (mailing-list, x_refsource_MLIST)
cve@mitre.org (mailing-list, x_refsource_MLIST)
cve@mitre.org (mailing-list, x_refsource_MLIST)
cve@mitre.org (mailing-list, x_refsource_MLIST)
cve@mitre.org (mailing-list, x_refsource_MLIST)
cve@mitre.org (Patch, Third Party Advisory, x_refsource_MISC)
cve@mitre.org (Patch, Third Party Advisory, x_refsource_MISC, Mitigation)

Frequently asked questions

What is CVE-2020-28052?: CVE-2020-28052 is a high-severity vulnerability in Apache Karaf. CVSS score: 8.1/10. Published 2020-12-18.
How severe is CVE-2020-28052?: High severity. CVSS v3 base score is 8.1 out of 10.
Is CVE-2020-28052 known to be exploited?: 18 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.