How severe is CVE-2020-15087?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2020-15087?

This is classified as CWE-285, which is a common weakness in software security.

CVE-2020-15087 - HIGH Severity | CVSS 8.8

Vulnerability Description

In Presto before version 337, authenticated users can bypass authorization checks by directly accessing internal APIs. This impacts Presto server installations with secure internal communication configured. This does not affect installations that have not configured secure internal communication, as these installations are inherently insecure. This only affects Presto server installations. This does NOT affect clients such as the CLI or JDBC driver. This vulnerability has been fixed in version 337. Additionally, this issue can be mitigated by blocking network access to internal APIs on the coordinator and workers.

Related Vulnerabilities

CVE-2016-1710

HIGH

CVSS:8.8(High)

The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not prevent window creation by a deferred frame, which ...

CWE-2852016

CVE-2016-1711

HIGH

CVSS:8.8(High)

WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not disable frame navigation during a detach operation on a DocumentLoader object, which allows r...

CWE-2852016

CVE-2016-3352

HIGH

CVSS:8.8(High)

Microsoft Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 do not properly check NTLM SSO requests for MSA logins, which makes it easier for remote attackers to determine passwords via...

CWE-2852016

CVE-2016-7071

HIGH

CVSS:8.8(High)

It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbi...

CWE-2852016

CVE-2016-9217

HIGH

CVSS:8.8(High)

A vulnerability in Cisco Intercloud Fabric for Business and Cisco Intercloud Fabric for Providers could allow an unauthenticated, remote attacker to connect to the database used by these products. Mor...

CWE-2852016

CVE-2017-0926

HIGH

CVSS:8.8(High)

Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the Oauth sign-in component resulting in unauthorized user login.

CWE-2852017