Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-27225

In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process.

Published

2021-03-09T19:15:12.237

Last Modified

2024-11-21T05:20:54.000

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

6.4

Weaknesses

Type: Secondary
CWE-306
Type: Primary
CWE-306

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	eclipse	platform	≤ 4.18	Yes

References

https://bugs.eclipse.org/bugs/show_bug.cgi?id=569855 Exploit, Issue Tracking, Patch, Vendor Advisory ([email protected])
https://bugs.eclipse.org/bugs/show_bug.cgi?id=569855 Exploit, Issue Tracking, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)