How severe is CVE-2020-35473?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2020-35473?

This is classified as CWE-203, which is a common weakness in software security.

CVE-2020-35473 - MEDIUM Severity | CVSS 4.3

Vulnerability Description

An information leakage vulnerability in the Bluetooth Low Energy advertisement scan response in Bluetooth Core Specifications 4.0 through 5.2, and extended scan response in Bluetooth Core Specifications 5.0 through 5.2, may be used to identify devices using Resolvable Private Addressing (RPA) by their response or non-response to specific scan requests from remote addresses. RPAs that have been associated with a specific remote device may also be used to identify a peer in the same manner by using its reaction to an active scan request. This has also been called an allowlist-based side channel.

Related Vulnerabilities

CVE-2019-12383

MEDIUM

CVSS:4.3(Medium)

Tor Browser before 8.0.1 has an information exposure vulnerability. It allows remote attackers to detect the browser's UI locale by measuring a button width, even if the user has a "Don't send my lang...

CWE-2032019

CVE-2020-6531

MEDIUM

CVSS:4.3(Medium)

Side-channel information leakage in scroll to text in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CWE-2032020

CVE-2021-20376

MEDIUM

CVSS:4.3(Medium)

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated attacker to enumerate usernames due to there being an observable discrepancy in returned messages. IBM X-Force ID: 195568...

CWE-2032021

CVE-2021-34576

MEDIUM

CVSS:4.3(Medium)

In Kaden PICOFLUX Air in all known versions an information exposure through observable discrepancy exists. This may give sensitive information (water consumption without distinct values) to third part...

CWE-2032021

CVE-2021-37968

MEDIUM

CVSS:4.3(Medium)

Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CWE-2032021

CVE-2022-0569

MEDIUM

CVSS:4.3(Medium)

Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9.

CWE-2032022