CVE-2020-8022

Description

An Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root.

This issue affects:
SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1.
SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1.
SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1.
SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1.
SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1.
SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1.
SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1.
SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3.
SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1.
SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1.
SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3.
SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1.
SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1.
SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1.

Risk Information

Base Score: 7.8 MODERATE
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 0.187

Associated Vulnerability

Vulnerability | OS Platform
Vulnerability CVE-2020-8022 are affected in Tomcat 9.0.35 | Windows
Vulnerability CVE-2018-8034,CVE-2018-8037,CVE-2020-8022 are affected in Tomcat 9.0.9 | Windows
Vulnerabilities CVE-2020-8022 are fixed in Apache - tomcat 8.0.53 | Windows
Vulnerabilities CVE-2020-8022,CVE-2020-11996 are fixed in Apache - tomcat 9.0.35 | Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 5.2.6.5 | Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.0.3.4 | Windows
Multiple Vulnerabilities are affected in IBM Tivoli Application Dependency Discovery Manager 7.3.0.9 | Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.0.0.6 | Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.1.0.2 | Windows
SUSE-SU-2020:1788-1 (SUSE Linux Enterprise Server 12-SP4) tomcat-9.0.35-3.39.1.noarch.rpm | Linux
SUSE-SU-2020:1788-1 (SUSE Linux Enterprise Server 12-SP4) tomcat-admin-webapps-9.0.35-3.39.1.noarch.rpm | Linux
SUSE-SU-2020:1788-1 (SUSE Linux Enterprise Server 12-SP4) tomcat-docs-webapp-9.0.35-3.39.1.noarch.rpm | Linux
SUSE-SU-2020:1788-1 (SUSE Linux Enterprise Server 12-SP4) tomcat-el-3_0-api-9.0.35-3.39.1.noarch.rpm | Linux
SUSE-SU-2020:1788-1 (SUSE Linux Enterprise Server 12-SP4) tomcat-javadoc-9.0.35-3.39.1.noarch.rpm | Linux
SUSE-SU-2020:1788-1 (SUSE Linux Enterprise Server 12-SP4) tomcat-jsp-2_3-api-9.0.35-3.39.1.noarch.rpm | Linux
SUSE-SU-2020:1788-1 (SUSE Linux Enterprise Server 12-SP5) tomcat-9.0.35-3.39.1.noarch_SP5.rpm | Linux
SUSE-SU-2020:1788-1 (SUSE Linux Enterprise Server 12-SP4) tomcat-lib-9.0.35-3.39.1.noarch.rpm | Linux
SUSE-SU-2020:1788-1 (SUSE Linux Enterprise Server 12-SP5) tomcat-admin-webapps-9.0.35-3.39.1.noarch_SP5.rpm | Linux
SUSE-SU-2020:1788-1 (SUSE Linux Enterprise Server 12-SP4) tomcat-servlet-4_0-api-9.0.35-3.39.1.noarch.rpm | Linux
SUSE-SU-2020:1788-1 (SUSE Linux Enterprise Server 12-SP5) tomcat-docs-webapp-9.0.35-3.39.1.noarch_SP5.rpm | Linux
SUSE-SU-2020:1788-1 (SUSE Linux Enterprise Server 12-SP4) tomcat-webapps-9.0.35-3.39.1.noarch.rpm | Linux
SUSE-SU-2020:1788-1 (SUSE Linux Enterprise Server 12-SP5) tomcat-el-3_0-api-9.0.35-3.39.1.noarch_SP5.rpm | Linux
SUSE-SU-2020:1788-1 (SUSE Linux Enterprise Server 12-SP5) tomcat-javadoc-9.0.35-3.39.1.noarch_SP5.rpm | Linux
SUSE-SU-2020:1788-1 (SUSE Linux Enterprise Server 12-SP5) tomcat-jsp-2_3-api-9.0.35-3.39.1.noarch_SP5.rpm | Linux
SUSE-SU-2020:1788-1 (SUSE Linux Enterprise Server 12-SP5) tomcat-lib-9.0.35-3.39.1.noarch_SP5.rpm | Linux
SUSE-SU-2020:1788-1 (SUSE Linux Enterprise Server 12-SP5) tomcat-servlet-4_0-api-9.0.35-3.39.1.noarch_SP5.rpm | Linux
SUSE-SU-2020:1788-1 (SUSE Linux Enterprise Server 12-SP5) tomcat-webapps-9.0.35-3.39.1.noarch_SP5.rpm | Linux
Vulnerability CVE-2020-8022 are affected in Tomcat 9.0.35 (For Linux) | Linux
Vulnerability CVE-2018-8034,CVE-2018-8037,CVE-2020-8022 are affected in Tomcat 9.0.9 (For Linux) | Linux
Vulnerabilities CVE-2020-8022 are fixed in Apache - tomcat for Linux 8.0.53 | Linux
Vulnerabilities CVE-2020-8022,CVE-2020-11996 are fixed in Apache - tomcat for Linux 9.0.35 | Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234