|
Original Release Date: April 17, 2020 CVE ID CVE-2020-6865 CVSS 3.1 Base Score 4.1 Medium(AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N) Description ZTE SDN controller platform is impacted by an information leakage vulnerability. Due to the program's failure to optimize the response of failure to the request, the caller can directly view the internal error code location of the component. Attackers could exploit this vulnerability to obtain sensitive information. Affected Products and Fixes Product Name | Affected Version | Resolved Version | OSCP | V16.19.10、V16.19.20 | V16.19.30 |
Source The vulnerability was found by ZTE's internal test. Update Records April 17, 2020, initial. Supporting team contacts 1. ZTE GCSC hotline: 0755-26770800 800-830-1118 400-830-1118 2. Product forum at ZTE Support website. ZTE PSIRT If you need to report security vulnerabilities related to ZTE products, or get ZTE product security incident response service and vulnerability information, please contact ZTE PSIRT: psirt@zte.com.cn, PGP key ID: FF095577.
|