CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-8859

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of ELOG Electronic Logbook 3.1.4-283534d. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HTTP parameters. A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition. Was ZDI-CAN-10115.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.018

EPSS Ranking 82.3%

CVSS Severity

CVSS v3 Score 5.3

CVSS v2 Score 5.0

References

https://elog.psi.ch/elogs/Forum/69114
https://www.zerodayinitiative.com/advisories/ZDI-20-252/
https://elog.psi.ch/elogs/Forum/69114
https://www.zerodayinitiative.com/advisories/ZDI-20-252/

Products affected by CVE-2020-8859

Psi » Electronic Logbook » Version: 3.1.4-283534d

cpe:2.3:a:psi:electronic_logbook:3.1.4-283534d

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-8859

Products

Pricing

Contact Us