LOW · 2.7

CVE-2020-14341

Vulnerability Description

The "Test Connection" feature available in v7.x of the Red Hat Single Sign On application console can permit an authorized user to cause SMTP connections to be attempted to arbitrary hosts and ports of the user's choosing, with those connections originating from the RHSSO installation. By observing differences in the timings of these scans, an attacker may glean information about hosts and ports that they do not have access to scan directly.

CVSS Score

2.7

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: LOW
Integrity: NONE
Availability: NONE

Affected Products

Vendor | Product | Versions
Redhat | Single Sign-On | >= 7.0, <= 7.4

Related Weaknesses (CWE)

References

FAQ

What is CVE-2020-14341?

CVE-2020-14341 is a vulnerability with a CVSS score of 2.7 (LOW). The "Test Connection" feature available in v7.x of the Red Hat Single Sign On application console can permit an authorized user to cause SMTP connections to be attempted to arbitrary hosts and ports of the user's choosing, with those connections originating from the RHSSO installation.

How severe is CVE-2020-14341?

CVE-2020-14341 has been rated LOW with a CVSS base score of 2.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-14341?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Single Sign-On.