What is CVE-2020-9315?

CVE-2020-9315 is a vulnerability in N/a. Published 2020-05-10.

Is CVE-2020-9315 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-9315

** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7.0.x has Incorrect Access Control for admingui/version URIs in the Administration console, as demonstrated by unauthenticated read access to encryption keys. NOTE: a rela…

EPSS: 0.879 (99.5th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

www.oracle.com/support/lifetime-support/ (x_refsource_MISC)
www.oracle.com/us/assets/lifetime-support-middleware-069163.pdf (x_refsource_MISC)
wwws.nightwatchcybersecurity.com/2020/05/10/two-vulnerabilities-in-oracles-ipla… (x_refsource_MISC)
20200512 Two vulnerabilities in Oracle's iPlanet Web Server (CVE-2020-9315 and CVE-2020-9314) (mailing-list, x_refsource_FULLDISC)

Frequently asked questions

What is CVE-2020-9315?: CVE-2020-9315 is a vulnerability in N/a. Published 2020-05-10.
Is CVE-2020-9315 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.