Sign-up

ID

VAR-202006-1685


CVE

CVE-2020-6752


TITLE

OMERO.server information disclosure vulnerability

Trust: 1.2

sources: CNVD: CNVD-2021-20274 // CNNVD: CNNVD-202006-1191

DESCRIPTION

In OMERO before 5.6.1, group owners can access members' data in other groups. OMERO There is an information leakage vulnerability in.Information may be obtained and tampered with. OMERO.server is an image server of the Open Microscopy Environment team. There are security vulnerabilities in OMERO.server versions before 5.6.1

Trust: 2.16

sources: NVD: CVE-2020-6752 // JVNDB: JVNDB-2020-006762 // CNVD: CNVD-2021-20274

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-20274

AFFECTED PRODUCTS

vendor:openmicroscopymodel:omeroscope:ltversion:5.6.1

Trust: 1.0

vendor:open microscopy environmentmodel:omeroscope:eqversion:5.6.1

Trust: 0.8

vendor:openmodel:microscopy environment omero.serverscope:ltversion:5.6.1

Trust: 0.6

sources: CNVD: CNVD-2021-20274 // JVNDB: JVNDB-2020-006762 // NVD: CVE-2020-6752

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-6752
value: LOW

Trust: 1.0

NVD: JVNDB-2020-006762
value: LOW

Trust: 0.8

CNVD: CNVD-2021-20274
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202006-1191
value: LOW

Trust: 0.6

nvd@nist.gov: CVE-2020-6752
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-006762
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-20274
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-6752
baseSeverity: LOW
baseScore: 3.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 2.5
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-006762
baseSeverity: LOW
baseScore: 3.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-20274 // JVNDB: JVNDB-2020-006762 // CNNVD: CNNVD-202006-1191 // NVD: CVE-2020-6752

PROBLEMTYPE DATA

problemtype:CWE-863

Trust: 1.0

problemtype:CWE-200

Trust: 0.8

sources: JVNDB: JVNDB-2020-006762 // NVD: CVE-2020-6752

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1191

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202006-1191

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-006762

PATCH
title:2019-SV6 Group Owner Contexturl:https://www.openmicroscopy.org/security/advisories/2019-SV6/
Trust: 0.8
title:Patch for OMERO.server information disclosure vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/253786
Trust: 0.6
title:OMERO.server Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121883
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2021-20274 // 
            
            
            
            JVNDB: JVNDB-2020-006762 // 
            
            
            
            CNNVD: CNNVD-202006-1191

EXTERNAL IDS
db:NVDid:CVE-2020-6752
Trust: 3.0
db:JVNDBid:JVNDB-2020-006762
Trust: 0.8
db:CNVDid:CNVD-2021-20274
Trust: 0.6
db:CNNVDid:CNNVD-202006-1191
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2021-20274 // 
            
            
            
            JVNDB: JVNDB-2020-006762 // 
            
            
            
            CNNVD: CNNVD-202006-1191 // 
            
            
            
            NVD: CVE-2020-6752

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2020-6752
Trust: 2.0
url:https://www.openmicroscopy.org/security/advisories/2019-sv6/
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6752
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2021-20274 // 
            
            
            
            JVNDB: JVNDB-2020-006762 // 
            
            
            
            CNNVD: CNNVD-202006-1191 // 
            
            
            
            NVD: CVE-2020-6752

SOURCES
db:CNVDid:CNVD-2021-20274
db:JVNDBid:JVNDB-2020-006762
db:CNNVDid:CNNVD-202006-1191
db:NVDid:CVE-2020-6752

LAST UPDATE DATE
2024-11-23T21:59:10.286000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2021-20274date:2021-03-23T00:00:00
db:JVNDBid:JVNDB-2020-006762date:2020-07-17T00:00:00
db:CNNVDid:CNNVD-202006-1191date:2020-06-22T00:00:00
db:NVDid:CVE-2020-6752date:2024-11-21T05:36:07.847

SOURCES RELEASE DATE
db:CNVDid:CNVD-2021-20274date:2021-03-19T00:00:00
db:JVNDBid:JVNDB-2020-006762date:2020-07-17T00:00:00
db:CNNVDid:CNNVD-202006-1191date:2020-06-17T00:00:00
db:NVDid:CVE-2020-6752date:2020-06-17T17:15:10.627