{"containers": {"cna": {"affected": [{"product": "ICA Management Portal", "vendor": "n/a", "versions": [{"status": "affected", "version": "before JHFs R80.20 Take 160, R80.30 Take 210, and R80.40 Take 38"}]}], "descriptions": [{"lang": "en", "value": "Check Point Security Management's Internal CA web management before Jumbo HFAs R80.10 Take 278, R80.20 Take 160, R80.30 Take 210, and R80.40 Take 38, can be manipulated to run commands as a high privileged user or crash, due to weak input validation on inputs by a trusted management administrator."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20: Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-11-10T15:56:12.000Z", "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "shortName": "checkpoint"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://supportcontent.checkpoint.com/solutions?id=sk142952"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@checkpoint.com", "ID": "CVE-2020-6020", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ICA Management Portal", "version": {"version_data": [{"version_value": "before JHFs R80.20 Take 160, R80.30 Take 210, and R80.40 Take 38"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Check Point Security Management's Internal CA web management before Jumbo HFAs R80.10 Take 278, R80.20 Take 160, R80.30 Take 210, and R80.40 Take 38, can be manipulated to run commands as a high privileged user or crash, due to weak input validation on inputs by a trusted management administrator."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20: Improper Input Validation"}]}]}, "references": {"reference_data": [{"name": "https://supportcontent.checkpoint.com/solutions?id=sk142952", "refsource": "MISC", "url": "https://supportcontent.checkpoint.com/solutions?id=sk142952"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T08:47:41.006Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://supportcontent.checkpoint.com/solutions?id=sk142952"}]}]}, "cveMetadata": {"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "assignerShortName": "checkpoint", "cveId": "CVE-2020-6020", "datePublished": "2020-09-24T13:25:32.000Z", "dateReserved": "2020-01-07T00:00:00.000Z", "dateUpdated": "2024-08-04T08:47:41.006Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:checkpoint:ica_management_portal:*:*:*:*:*:*:*:*", "matchCriteriaId": "3B5CD4D5-FE12-47A4-B488-C5C79192C1FC", "versionEndExcluding": "r80.20", "vulnerable": true}, {"criteria": "cpe:2.3:a:checkpoint:ica_management_portal:r80.20:-:*:*:*:*:*:*", "matchCriteriaId": "DD6BFA69-7391-4D84-9355-B62C682FA5A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:checkpoint:ica_management_portal:r80.20:take_156:*:*:*:*:*:*", "matchCriteriaId": "90E4E78D-86F7-45ED-A433-98471057D812", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:checkpoint:ica_management_portal:*:*:*:*:*:*:*:*", "matchCriteriaId": "0F76C3DB-4DB8-48C4-82F1-2C76DA050F79", "versionEndExcluding": "r80.30", "vulnerable": true}, {"criteria": "cpe:2.3:a:checkpoint:ica_management_portal:r80.30:-:*:*:*:*:*:*", "matchCriteriaId": "84C8736D-E8EE-415D-A144-70EDE2DC1AB3", "vulnerable": true}, {"criteria": "cpe:2.3:a:checkpoint:ica_management_portal:r80.30:take_200:*:*:*:*:*:*", "matchCriteriaId": "760B689F-AC28-4A08-AFD6-7C686D997F22", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:checkpoint:ica_management_portal:*:*:*:*:*:*:*:*", "matchCriteriaId": "89F23E66-6FE4-47F7-8D82-139D7A2E5781", "versionEndExcluding": "r80.40", "vulnerable": true}, {"criteria": "cpe:2.3:a:checkpoint:ica_management_portal:r80.40:-:*:*:*:*:*:*", "matchCriteriaId": "39C0C737-1472-41A1-903E-285D3CBBB7DA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:checkpoint:ica_management_portal:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5AF5484-895A-4FF3-BD43-65CCF7F1C419", "versionEndExcluding": "r80.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:checkpoint:ica_management_portal:r80.10:-:*:*:*:*:*:*", "matchCriteriaId": "129933AF-E0EC-4766-B2E0-596EE9D60FF9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Check Point Security Management's Internal CA web management before Jumbo HFAs R80.10 Take 278, R80.20 Take 160, R80.30 Take 210, and R80.40 Take 38, can be manipulated to run commands as a high privileged user or crash, due to weak input validation on inputs by a trusted management administrator."}, {"lang": "es", "value": "Una administraci\u00f3n web de Internal CA de Check Point Security Management anterior a HFA Jumbo HFAs R80.10 Take 278, R80.20 Take 160, R80.30 Take 210, and R80.40 Take 38, puede ser manipulada para ejecutar comandos como un usuario muy privilegiado o un bloqueo, debido a una comprobaci\u00f3n d\u00e9bil de la entrada por parte de un administrador de gesti\u00f3n confiable"}], "id": "CVE-2020-6020", "lastModified": "2024-11-21T05:34:59.717", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 7.4, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:P", "version": "2.0"}, "exploitabilityScore": 5.1, "impactScore": 9.5, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-09-24T14:15:13.743", "references": [{"source": "cve@checkpoint.com", "tags": ["Vendor Advisory"], "url": "https://supportcontent.checkpoint.com/solutions?id=sk142952"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://supportcontent.checkpoint.com/solutions?id=sk142952"}], "sourceIdentifier": "cve@checkpoint.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "cve@checkpoint.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}