CVE-2020-27225 Vulnerability Details

  /     /     /  

CVE-2020-27225 Metadata Quick Info

CVE Published: 09/03/2021 | CVE Updated: 04/08/2024 | CVE Year: 2020
Source: eclipse | Vendor: The Eclipse Foundation | Product: Eclipse Platform
Status : PUBLISHED

---

CVE-2020-27225 Description

In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-306
CWE Name: CWE-306: Missing Authentication for Critical Function
Source: The Eclipse Foundation

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).