Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSD89D5BCA6-0150-11EC-BF0C-080027EEDC6A
HistoryJul 04, 2020 - 12:00 a.m.

The Bouncy Castle Crypto APIs -- EC math vulnerability

2020-07-0400:00:00
vuxml.freebsd.org
24

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

47.8%

JSON

The Bouncy Castle team reports::

    Bouncy Castle BC Java before 1.66 has a timing issue within the EC
    math library that can expose information about the private key when
    an attacker is able to observe timing information for the generation
    of multiple deterministic ECDSA signatures.
OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchbouncycastle15< 1.66UNKNOWN
FreeBSDanynoarchbouncycastle< 1.66UNKNOWN

Related

osv 5
redhatcve 1
ubuntucve 1
debiancve 1
ibm 13
suse 2
gitlab 1
openvas 3
github 1
nessus 4
prion 1
veracode 1
cvelist 1
cve 1
cgr 1
nvd 1
redhat 5
hp 1
oracle 1
osv
osv
Timing based private key exposure in Bouncy Castle
2021-08-13 15:22:31
CGA-p736-f9r6-77r7
2024-06-06 12:28:40
CVE-2020-15522
2021-05-20 12:15:08
redhatcve
redhatcve
CVE-2020-15522
2021-05-20 17:45:56
ubuntucve
ubuntucve
CVE-2020-15522
2021-05-20 00:00:00
debiancve
debiancve
CVE-2020-15522
2021-05-20 12:15:08
ibm
ibm
Security Bulletin: PowerSC is vulnerable to information disclosure due to Bouncy Castle (CVE-2020-15522)
2023-01-19 20:15:06
Security Bulletin: A vulnerability in Bouncy Castle affect IBM Watson Machine Learning Accelerator
2021-09-15 02:23:38
Security Bulletin: IBM Robotic Process Automation may be affected by multiple vulnerabilities in open source components (CVE-2019-0820, CVE-2020-15522, CVE-2021-43569)
2022-06-27 16:39:27
suse
suse
Security update for bouncycastle (moderate)
2021-06-29 00:00:00
Security update for bouncycastle (moderate)
2021-07-11 00:00:00
gitlab
gitlab
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
2021-08-13 00:00:00
openvas
openvas
openSUSE: Security Advisory for bouncycastle (openSUSE-SU-2021:2163-1)
2021-07-13 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:2163-1)
2021-06-27 00:00:00
openSUSE: Security Advisory for bouncycastle (openSUSE-SU-2021:0940-1)
2021-06-30 00:00:00
github
github
Timing based private key exposure in Bouncy Castle
2021-08-13 15:22:31
nessus
nessus
openSUSE 15 Security Update : bouncycastle (openSUSE-SU-2021:0940-1)
2021-07-01 00:00:00
FreeBSD : bouncycastle15 -- EC math vulnerability (89d5bca6-0150-11ec-bf0c-080027eedc6a)
2021-08-23 00:00:00
openSUSE 15 Security Update : bouncycastle (openSUSE-SU-2021:2163-1)
2021-07-16 00:00:00
prion
prion
Information disclosure
2021-05-20 12:15:00
veracode
veracode
Information Disclosure
2021-05-24 02:29:03
cvelist
cvelist
CVE-2020-15522
2021-05-20 11:20:18
cve
cve
CVE-2020-15522
2021-05-20 12:15:08
cgr
cgr
CVE-2020-15522 vulnerabilities
2024-05-19 03:07:16
nvd
nvd
CVE-2020-15522
2021-05-20 12:15:08
redhat
redhat
(RHSA-2021:1401) Moderate: Red Hat Fuse 7.8.1 patch release and security update
2021-04-27 08:43:12
(RHSA-2021:2755) Moderate: EAP XP 2 security update to CVE fixes in the EAP 7.3.x base
2021-07-15 15:21:21
(RHSA-2022:1029) Important: Red Hat Integration Camel-K 1.6.4 release and security update
2022-03-23 08:18:30
hp
hp
HP Security Manager - Multiple vulnerabilities
2022-12-12 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2023
2023-04-18 00:00:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

47.8%

JSON
Related for 89D5BCA6-0150-11EC-BF0C-080027EEDC6A
osv5redhatcve1ubuntucve1debiancve1ibm13suse2gitlab1openvas3github1nessus4prion1veracode1cvelist1cve1cgr1nvd1redhat5hp1oracle1