CVE-2020-8022
Description
An Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, and SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects:
- SUSE Enterprise Storage 5: tomcat versions prior to 8.0.53-29.32.1.
- SUSE Linux Enterprise Server 12-SP2-BCL: tomcat versions prior to 8.0.53-29.32.1.
- SUSE Linux Enterprise Server 12-SP2-LTSS: tomcat versions prior to 8.0.53-29.32.1.
- SUSE Linux Enterprise Server 12-SP3-BCL: tomcat versions prior to 8.0.53-29.32.1.
- SUSE Linux Enterprise Server 12-SP3-LTSS: tomcat versions prior to 8.0.53-29.32.1.
- SUSE Linux Enterprise Server 12-SP4: tomcat versions prior to 9.0.35-3.39.1.
- SUSE Linux Enterprise Server 12-SP5: tomcat versions prior to 9.0.35-3.39.1.
- SUSE Linux Enterprise Server 15-LTSS: tomcat versions prior to 9.0.35-3.57.3.
- SUSE Linux Enterprise Server for SAP 12-SP2: tomcat versions prior to 8.0.53-29.32.1.
- SUSE Linux Enterprise Server for SAP 12-SP3: tomcat versions prior to 8.0.53-29.32.1.
- SUSE Linux Enterprise Server for SAP 15: tomcat versions prior to 9.0.35-3.57.3.
- SUSE OpenStack Cloud 7: tomcat versions prior to 8.0.53-29.32.1.
- SUSE OpenStack Cloud 8: tomcat versions prior to 8.0.53-29.32.1.
- SUSE OpenStack Cloud Crowbar 8: tomcat versions prior to 8.0.53-29.32.1.
CVSSv2.0 Score
- Severity: High
- Base Score: 7.2/10
- Exploit Score: 3.9/10
- Access Vector: Local
- Access Complexity: Low
- Authentication Required: None
- Impact Score: 10/10
- Confidentiality Impact: Complete
- Availability Impact: Complete
- Integrity Impact: Complete
CVSSv3.1 Score
- Severity: High
- Base Score: 7.8/10
- Exploit Score: 1.8/10
- Access Vector: Local
- Access Complexity: Low
- Privileges Required: Low
- Impact Score: 5.9/10
- Confidentiality Impact: High
- Availability Impact: High
- Integrity Impact: High
- Scope: Unchanged
- User Interaction: None
Products Affected
| CPE | Affected | Vulnerable | Excluding |
|---|---|---|---|
| cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* | Yes | - | 8.0.53-29.32.1 |
| cpe:2.3:a:suse:enterprise_storage:5.0:*:*:*:*:*:*:* | No | - | |
| cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* | Yes | - | 8.0.53-29.32.1 |
| cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:*:*:*:* | No | - | |
| cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* | Yes | - | 8.0.53-29.32.1 |
| cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:ltss:*:*:* | No | - | |
| cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* | Yes | - | 8.0.53-29.32.1 |
| cpe:2.3:o:suse:linux_enterprise_server:12:sp3:*:*:*:*:*:* | No | - | |
| cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* | Yes | - | 8.0.53-29.32.1 |
| cpe:2.3:o:suse:linux_enterprise_server:12:sp3:*:*:ltss:*:*:* | No | - | |
| cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* | Yes | - | 8.0.53-29.32.1 |
| cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:*:sap:*:* | No | - | |
| cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* | Yes | - | 8.0.53-29.32.1 |
| cpe:2.3:o:suse:linux_enterprise_server:12:sp3:*:*:*:sap:*:* | No | - | |
| cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* | Yes | - | 8.0.53-29.32.1 |
| cpe:2.3:a:suse:openstack_cloud:7.0:*:*:*:*:*:*:* | No | - | |
| cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* | Yes | - | 8.0.53-29.32.1 |
| cpe:2.3:a:suse:openstack_cloud:8.0:*:*:*:*:*:*:* | No | - | |
| cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* | Yes | - | 8.0.53-29.32.1 |
| cpe:2.3:a:suse:openstack_cloud_crowbar:8.0:*:*:*:*:*:*:* | No | - | |
| cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* | Yes | - | 9.0.35-3.39.1 |
| cpe:2.3:o:suse:linux_enterprise_server:12:sp4:*:*:*:*:*:* | No | - | |
| cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* | Yes | - | 9.0.35-3.39.1 |
| cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:*:*:*:* | No | - | |
| cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* | Yes | - | 9.0.35-3.57.3 |
| cpe:2.3:o:suse:linux_enterprise_server:15:*:*:*:*:sap:*:* | No | - | |
References
- https://bugzilla.suse.com/show_bug.cgi?id=1172405
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00066.html
- https://lists.apache.org/thread.html/rf50d02409e5732c4ee37f19a193af171251a25a652599ce3c2
- https://lists.apache.org/thread.html/ra87ec20a0f4b226c81c7eed27e5d7433ccdc41e61a8da408a4
- https://lists.apache.org/thread.html/r5be80ba868a11a1f64e4922399f171b8619bca4bc2039f79cf
- https://lists.apache.org/thread.html/r393d4f431683e99c839b4aed68f720b8583bca6c35cd84adcc