How severe is CVE-2020-8911?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.6 out of 10.

What type of vulnerability is CVE-2020-8911?

This is classified as CWE-327, which is a common weakness in software security.

CVE-2020-8911

MEDIUM Year: 2020

CVSS v3 Score

5.6

Medium

CVSS v2 Score

2.1

Low

Weakness Type

CWE-327

View all →

Vulnerability Description

A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. The SDK allows users to encrypt files with AES-CBC without computing a Message Authentication Code (MAC), which then allows an attacker who has write access to the target's S3 bucket and can observe whether or not an endpoint with access to the key can decrypt a file, they can reconstruct the plaintext with (on average) 128*length (plaintext) queries to the endpoint, by exploiting CBC's ability to manipulate the bytes of the next block and PKCS5 padding errors. It is recommended to update your SDK to V2 or later, and re-encrypt your files.

CVE-2013-2213

MEDIUM

CVSS:5.5(Medium)

The KRandom::random function in KDE Paste Applet after 4.10.5 in kdeplasma-addons uses the GNU C Library rand function's linear congruential generator, which makes it easier for context-dependent atta...

CWE-3272013

CVE-2017-1571

MEDIUM

CVSS:5.5(Medium)

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive ...

CWE-3272017

CVE-2017-1575

MEDIUM

CVSS:5.5(Medium)

IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) uses weaker than expected cryptographic algorithms that could allow a local attacker to decrypt highly sens...

CWE-3272017

CVE-2018-1428

MEDIUM

CVSS:5.5(Medium)

IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X...

CWE-3272018

CVE-2019-18340

MEDIUM

CVSS:5.5(Medium)

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), Control Center Server (CCS) (All versions >= V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNV...

CWE-3272019

CVE-2019-20775

MEDIUM

CVSS:5.5(Medium)

An issue was discovered on LG mobile devices with Android OS 9.0 (Qualcomm SDM450, SDM845, SM6150, and SM8150 chipsets) software. Weak encryption leads to local information disclosure. The LG ID is LV...

CWE-3272019

CVE-2020-8911

Vulnerability Description

Related Vulnerabilities

CVE-2013-2213

CVE-2017-1571

CVE-2017-1575

CVE-2018-1428

CVE-2019-18340

CVE-2019-20775