How severe is CVE-2020-10697?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.4 out of 10.

What type of vulnerability is CVE-2020-10697?

This is classified as CWE-862, which is a common weakness in software security.

CVE-2020-10697

MEDIUM Year: 2020

CVSS v3 Score

4.4

Medium

CVSS v2 Score

3.6

Low

Weakness Type

CWE-862

View all →

Vulnerability Description

A flaw was found in Ansible Tower when running Openshift. Tower runs a memcached, which is accessed via TCP. An attacker can take advantage of writing a playbook polluting this cache, causing a denial of service attack. This attack would not completely stop the service, but in the worst-case scenario, it can reduce the Tower performance, for which memcached is designed. Theoretically, more sophisticated attacks can be performed by manipulating and crafting the cache, as Tower relies on memcached as a place to pull out setting values. Confidential and sensitive data stored in memcached should not be pulled, as this information is encrypted. This flaw affects Ansible Tower versions before 3.6.4, Ansible Tower versions before 3.5.6 and Ansible Tower versions before 3.4.6.

CVE-2019-15030

MEDIUM

CVSS:4.4(Medium)

In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local ...

CWE-8622019

CVE-2020-0135

MEDIUM

CVSS:4.4(Medium)

In dump of RollbackManagerServiceImpl.java, there is a possible backup metadata exposure due to a missing permission check. This could lead to local information disclosure with System execution privil...

CWE-8622020

CVE-2020-27053

MEDIUM

CVSS:4.4(Medium)

In broadcastWifiCredentialChanged of ClientModeImpl.java, there is a possible location permission bypass due to a missing permission check. This could lead to local information disclosure of the WiFi ...

CWE-8622020

CVE-2020-28368

MEDIUM

CVSS:4.4(Medium)

Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Pla...

CWE-8622020

CVE-2021-0403

MEDIUM

CVSS:4.4(Medium)

In netdiag, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is n...

CWE-8622021

CVE-2022-20098

MEDIUM

CVSS:4.4(Medium)

In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction i...

CWE-8622022

CVE-2020-10697

Vulnerability Description

Related Vulnerabilities

CVE-2019-15030

CVE-2020-0135

CVE-2020-27053

CVE-2020-28368

CVE-2021-0403

CVE-2022-20098