How severe is CVE-2020-13946?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2020-13946?

This is classified as CWE-668, which is a common weakness in software security.

CVE-2020-13946

MEDIUM Year: 2020

CVSS v3 Score

5.9

Medium

CVSS v2 Score

4.3

Medium

Weakness Type

CWE-668

View all →

Vulnerability Description

In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and perform unauthorised operations. Users should also be aware of CVE-2019-2684, a JRE vulnerability that enables this issue to be exploited remotely.

CVE-2019-12904

MEDIUM

CVSS:5.9(Medium)

In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on pl...

CWE-6682019

CVE-2020-11934

MEDIUM

CVSS:5.9(Medium)

It was discovered that snapctl user-open allowed altering the $XDG_DATA_DIRS environment variable when calling the system xdg-open. OpenURL() in usersession/userd/launcher.go would alter $XDG_DATA_DIR...

CWE-6682020

CVE-2022-40234

MEDIUM

CVSS:5.9(Medium)

Versions of IBM Spectrum Protect Plus prior to 10.1.12 (excluding 10.1.12) include the private key information for a certificate inside the generated .crt file when uploading a TLS certificate to IBM ...

CWE-6682022

CVE-2022-31596

MEDIUM

CVSS:6.0(Medium)

Under certain conditions, an attacker authenticated as a CMS administrator and with high privileges access to the Network in SAP BusinessObjects Business Intelligence Platform (Monitoring DB) - versio...

CWE-6682022

CVE-2020-12020

MEDIUM

CVSS:6.1(Medium)

Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 does not restrict non administrative users from gaining access to the operating system and editin...

CWE-6682020

CVE-2020-15215

MEDIUM

CVSS:5.6(Medium)

Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both `contextIsolation` and `sandbox: true` are affected. Apps using both `contex...

CWE-6682020

CVE-2020-13946

Vulnerability Description

Related Vulnerabilities

CVE-2019-12904

CVE-2020-11934

CVE-2022-40234

CVE-2022-31596

CVE-2020-12020

CVE-2020-15215