CVE-2020-6865 Information

Description

ZTE SDN controller platform is impacted by an information leakage vulnerability. Due to the program’s failure to optimize the response of failure to the request the caller can directly view the internal error code location of the component. Attackers could exploit this vulnerability to obtain sensitive information. This affects: OSCP versions V16.19.10 and V16.19.20.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Reference

http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012782

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

6.5