CVE-2020-28052 - 漏洞详情

CVE-2020-28052 (CNNVD-202012-1340)

HIGH

中文标题:

Bouncy Castle BC 安全漏洞

英文标题:

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.chec...

CVSS分数: 8.1

发布时间: 2020-12-18 00:52:48

漏洞类型: 其他

状态: PUBLISHED

数据质量分数: 0.30

数据版本: v3

漏洞描述

中文描述:

Bouncy Castle BC是Bouncy Castle组织的一个用于C＃和Java应用程序的加密库。 Bouncy Castle BC 中存在安全漏洞。该漏洞源于检查密码时比较了不正确的数据。

英文描述:

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.

CWE类型:

（暂无数据）

受影响产品

厂商	产品	版本	版本范围	平台	CPE
bouncycastle	bc-java	1.65	-	-	`cpe:2.3:a:bouncycastle:bc-java:1.65:::::::*`
bouncycastle	bc-java	1.66	-	-	`cpe:2.3:a:bouncycastle:bc-java:1.66:::::::*`
apache	karaf	4.3.2	-	-	`cpe:2.3:a:apache:karaf:4.3.2:::::::*`
oracle	banking_corporate_lending_process_management	14.2.0	-	-	`cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2.0:::::::*`
oracle	banking_corporate_lending_process_management	14.3.0	-	-	`cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3.0:::::::*`
oracle	banking_corporate_lending_process_management	14.5.0	-	-	`cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0:::::::*`
oracle	banking_credit_facilities_process_management	14.2.0	-	-	`cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2.0:::::::*`
oracle	banking_credit_facilities_process_management	14.3.0	-	-	`cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3.0:::::::*`
oracle	banking_credit_facilities_process_management	14.5.0	-	-	`cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5.0:::::::*`
oracle	banking_extensibility_workbench	14.2.0	-	-	`cpe:2.3:a:oracle:banking_extensibility_workbench:14.2.0:::::::*`
oracle	banking_extensibility_workbench	14.3.0	-	-	`cpe:2.3:a:oracle:banking_extensibility_workbench:14.3.0:::::::*`
oracle	banking_extensibility_workbench	14.5.0	-	-	`cpe:2.3:a:oracle:banking_extensibility_workbench:14.5.0:::::::*`
oracle	banking_supply_chain_finance	14.2.0	-	-	`cpe:2.3:a:oracle:banking_supply_chain_finance:14.2.0:::::::*`
oracle	banking_supply_chain_finance	14.3.0	-	-	`cpe:2.3:a:oracle:banking_supply_chain_finance:14.3.0:::::::*`
oracle	banking_supply_chain_finance	14.5.0	-	-	`cpe:2.3:a:oracle:banking_supply_chain_finance:14.5.0:::::::*`
oracle	banking_virtual_account_management	14.2.0	-	-	`cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:::::::*`
oracle	banking_virtual_account_management	14.3.0	-	-	`cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:::::::*`
oracle	banking_virtual_account_management	14.5.0	-	-	`cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:::::::*`
oracle	blockchain_platform	*	-	-	`cpe:2.3:a:oracle:blockchain_platform::::::::`
oracle	commerce_guided_search	11.3.2	-	-	`cpe:2.3:a:oracle:commerce_guided_search:11.3.2:::::::*`
oracle	communications_application_session_controller	3.9m0p3	-	-	`cpe:2.3:a:oracle:communications_application_session_controller:3.9m0p3:::::::*`
oracle	communications_cloud_native_core_network_slice_selection_function	1.2.1	-	-	`cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.2.1:::::::*`
oracle	communications_convergence	3.0.2.2.0	-	-	`cpe:2.3:a:oracle:communications_convergence:3.0.2.2.0:::::::*`
oracle	communications_pricing_design_center	12.0.0.3.0	-	-	`cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:::::::*`
oracle	communications_session_report_manager	*	-	-	`cpe:2.3:a:oracle:communications_session_report_manager::::::::`
oracle	communications_session_route_manager	*	-	-	`cpe:2.3:a:oracle:communications_session_route_manager::::::::`
oracle	jd_edwards_enterpriseone_tools	*	-	-	`cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools::::::::`
oracle	peoplesoft_enterprise_peopletools	8.56	-	-	`cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:::::::*`
oracle	peoplesoft_enterprise_peopletools	8.57	-	-	`cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:::::::*`
oracle	peoplesoft_enterprise_peopletools	8.58	-	-	`cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:::::::*`
oracle	utilities_framework	4.3.0.6.0	-	-	`cpe:2.3:a:oracle:utilities_framework:4.3.0.6.0:::::::*`
oracle	utilities_framework	4.4.0.0.0	-	-	`cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:::::::*`
oracle	utilities_framework	4.4.0.2.0	-	-	`cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:::::::*`
oracle	utilities_framework	4.4.0.3.0	-	-	`cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:::::::*`
oracle	webcenter_portal	11.1.1.9.0	-	-	`cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0:::::::*`
oracle	webcenter_portal	12.2.1.3.0	-	-	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:::::::*`
oracle	webcenter_portal	12.2.1.4.0	-	-	`cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*`
oracle	communications_messaging_server	8.0.2	-	-	`cpe:2.3:o:oracle:communications_messaging_server:8.0.2:::::::*`
oracle	communications_messaging_server	8.1	-	-	`cpe:2.3:o:oracle:communications_messaging_server:8.1:::::::*`

解决方案

中文解决方案:

（暂无数据）

英文解决方案:

（暂无数据）

临时解决方案:

（暂无数据）

参考链接

无标题 x_refsource_MISC
cve.org

访问

[druid-commits] 20210107 [GitHub] [druid] jon-wei opened a new pull request #10733: Update deps for CVE-2020-28168 and CVE-2020-28052 mailing-list
cve.org

访问

[kafka-jira] 20210107 [GitHub] [kafka] cyrusv opened a new pull request #9845: MINOR: Bump Bouncy Castle Dep to resolve CVE-2020-28052 mailing-list
cve.org

访问

[druid-commits] 20210107 [GitHub] [druid] clintropolis merged pull request #10733: Update deps for CVE-2020-28168 and CVE-2020-28052 mailing-list
cve.org

访问

[pulsar-commits] 20210119 [GitHub] [pulsar] fmiguelez opened a new issue #9235: Upgrade Bounce Castle dependency on client to solve CVE-2020-28052 mailing-list
cve.org

访问

[druid-commits] 20210127 [druid] 01/02: Update deps for CVE-2020-28168 and CVE-2020-28052 (#10733) mailing-list
cve.org

访问

[pulsar-commits] 20210406 [GitHub] [pulsar] lhotari commented on issue #9235: Upgrade Bounce Castle dependency on client to solve CVE-2020-28052 mailing-list
cve.org

访问

[solr-issues] 20210525 [jira] [Created] (SOLR-15431) Security vulnerability with Bouncy Castle library within Apache Solr 8.8.2 mailing-list
cve.org

访问

无标题 x_refsource_MISC
cve.org

访问

无标题 x_refsource_MISC
cve.org

访问

无标题 x_refsource_MISC
cve.org

访问

无标题 x_refsource_MISC
cve.org

访问

[karaf-issues] 20210810 [jira] [Created] (KARAF-7240) Upgrade bcprov artifacts to mitigate CVE-2020-28052 mailing-list
cve.org

访问

[karaf-issues] 20210810 [jira] [Updated] (KARAF-7240) Upgrade bcprov artifacts to mitigate CVE-2020-28052 mailing-list
cve.org

访问

[karaf-issues] 20210810 [jira] [Commented] (KARAF-7240) Upgrade bcprov artifacts to mitigate CVE-2020-28052 mailing-list
cve.org

访问

[karaf-issues] 20210816 [jira] [Updated] (KARAF-7240) Upgrade bcprov artifacts to mitigate CVE-2020-28052 mailing-list
cve.org

访问

[karaf-issues] 20210816 [jira] [Updated] (KARAF-7240) Upgrade bcprov 1.69 artifacts to mitigate CVE-2020-28052 mailing-list
cve.org

访问

[karaf-issues] 20210817 [jira] [Commented] (KARAF-7240) Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052 mailing-list
cve.org

访问

[karaf-issues] 20210817 [jira] [Updated] (KARAF-7240) Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052 mailing-list
cve.org

访问

[karaf-issues] 20210820 [jira] [Updated] (KARAF-7240) Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052 mailing-list
cve.org

访问

[karaf-issues] 20210824 [jira] [Commented] (KARAF-7240) Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052 mailing-list
cve.org

访问

[karaf-issues] 20210824 [jira] [Resolved] (KARAF-7240) Upgrade bcprov 1.68 artifacts to mitigate CVE-2020-28052 mailing-list
cve.org

访问

无标题 x_refsource_MISC
cve.org

访问

无标题 x_refsource_MISC
cve.org

访问

无标题 x_refsource_MISC
cve.org

访问

无标题 x_refsource_MISC
cve.org

访问

CVSS评分详情

8.1

HIGH

CVSS向量: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS版本: 3.1

机密性

HIGH

完整性

HIGH

可用性

HIGH

时间信息

发布时间:

2020-12-18 00:52:48

修改时间:

2024-08-04 16:33:56

创建时间:

2025-11-11 15:36:16

更新时间:

2025-11-11 15:56:32

利用信息

暂无可利用代码信息

数据源详情

数据源	记录ID	版本	提取时间
CVE	`cve_CVE-2020-28052`	2025-11-11 15:20:33	2025-11-11 07:36:16
NVD	`nvd_CVE-2020-28052`	2025-11-11 14:57:07	2025-11-11 07:44:41
CNNVD	`cnnvd_CNNVD-202012-1340`	2025-11-11 15:10:33	2025-11-11 07:56:32

版本与语言

当前版本: v3

主要语言: EN

支持语言:

EN ZH

安全公告

暂无安全公告信息

变更历史

v3 CNNVD

2025-11-11 15:56:32

vulnerability_type: 未提取 → 其他; cnnvd_id: 未提取 → CNNVD-202012-1340; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']

查看详细变更

vulnerability_type: 未提取 -> 其他
cnnvd_id: 未提取 -> CNNVD-202012-1340
data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']

v2 NVD

2025-11-11 15:44:41

severity: SeverityLevel.MEDIUM → SeverityLevel.HIGH; cvss_score: 未提取 → 8.1; cvss_vector: NOT_EXTRACTED → CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H; cvss_version: NOT_EXTRACTED → 3.1; affected_products_count: 0 → 39; data_sources: ['cve'] → ['cve', 'nvd']

查看详细变更

severity: SeverityLevel.MEDIUM -> SeverityLevel.HIGH
cvss_score: 未提取 -> 8.1
cvss_vector: NOT_EXTRACTED -> CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss_version: NOT_EXTRACTED -> 3.1
affected_products_count: 0 -> 39
data_sources: ['cve'] -> ['cve', 'nvd']

CVE-2020-28052 (CNNVD-202012-1340)

中文标题:

Bouncy Castle BC 安全漏洞

英文标题:

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.chec...

漏洞描述

中文描述:

英文描述:

CWE类型:

标签:

受影响产品

解决方案

中文解决方案:

英文解决方案:

临时解决方案:

参考链接

CVSS评分详情

时间信息

利用信息

数据源详情

版本与语言

安全公告

变更历史