CVE-2020-14301 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 49%

Vendor	Product	Version
redhat	libvirt	6.2.0 ≤ 𝑥 < 6.3.0
redhat	enterprise_linux	8.0
redhat	enterprise_linux_eus	8.4
redhat	enterprise_linux_for_ibm_z_systems	8.0
redhat	enterprise_linux_for_ibm_z_systems_eus	8.4
redhat	enterprise_linux_for_power_little_endian	8.0
redhat	enterprise_linux_for_power_little_endian_eus	8.4
redhat	enterprise_linux_server_aus	8.4
redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	8.4
redhat	enterprise_linux_server_update_services_for_sap_solutions	8.4
redhat	enterprise_linux_tus	8.4
netapp	ontap_select_deploy_administration_utility	-
redhat	codeready_linux_builder	-

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

libvirt

bullseye	7.0.0-3+deb11u3 fixed
bookworm	9.0.0-4+deb12u1 fixed
sid	10.9.0-1 fixed
trixie	10.9.0-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

libvirt

hirsute	not-affected
groovy	not-affected
focal	not-affected
eoan	not-affected
bionic	not-affected
xenial	not-affected
trusty	not-affected

Common Weakness Enumeration

CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer
The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1848640

https://security.netapp.com/advisory/ntap-20210629-0007/

https://bugzilla.redhat.com/show_bug.cgi?id=1848640

https://security.netapp.com/advisory/ntap-20210629-0007/