Vulnerability Change Records for CVE-2020-1971

Change History

CVE Modified by OpenSSL Software Foundation 5/11/2021 6:15:08 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://www.tenable.com/security/tns-2021-09 [No Types Assigned]

CVE Modified by OpenSSL Software Foundation 1/20/2021 10:15:40 AM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://www.oracle.com/security-alerts/cpujan2021.html [No Types Assigned]

CVE Modified by OpenSSL Software Foundation 12/16/2020 1:15:13 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://lists.apache.org/thread.html/rbb769f771711fb274e0a4acb1b5911c8aab544a6ac5e8c12d40c5143@%3Ccommits.pulsar.apache.org%3E [No Types Assigned]

CVE Modified by OpenSSL Software Foundation 2/07/2021 3:15:13 AM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://lists.apache.org/thread.html/r63c6f2dd363d9b514d0a4bcf624580616a679898cc14c109a49b750c@%3Cdev.tomcat.apache.org%3E [No Types Assigned]

Modified Analysis 9/16/2021 9:19:22 AM

Action Type Old Value New Value
Added CPE Configuration

								
							
							
						
OR
     *cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.9
     *cpe:2.3:a:tenable:nessus_network_monitor:*:*:*:*:*:*:*:* versions up to (excluding) 5.13.1
Changed CPE Configuration
OR
     *cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*
     *cpe:2.3:a:netapp:data_ontap:-:*:*:*:*:7-mode:*:*
     *cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:* versions from (including) 11.0.0 up to (including) 11.60.3
     *cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
     *cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:*
     *cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*
     *cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*
     *cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
     *cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*
     *cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*
OR
     *cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
     *cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
     *cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*
     *cpe:2.3:a:netapp:data_ontap:-:*:*:*:*:7-mode:*:*
     *cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:* versions from (including) 11.0.0 up to (including) 11.60.3
     *cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
     *cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:*
     *cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
     *cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
     *cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*
     *cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*
     *cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
     *cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
     *cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*
     *cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*
Changed CPE Configuration
OR
     *cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:graalvm:19.3.4:*:*:*:enterprise:*:*:*
     *cpe:2.3:a:oracle:graalvm:20.3.0:*:*:*:enterprise:*:*:*
     *cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions up to (including) 8.0.22
OR
     *cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*
     *cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*
     *cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*
     *cpe:2.3:a:oracle:communications_session_border_controller:cz8.2:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:communications_session_border_controller:cz8.3:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:communications_session_border_controller:cz8.4:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:communications_session_router:cz8.2:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:communications_session_router:cz8.3:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:communications_session_router:cz8.4:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:cz8.2:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:cz8.3:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:cz8.4:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:communications_unified_session_manager:scz8.2.5:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:enterprise_communications_broker:pcz3.1:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:enterprise_communications_broker:pcz3.2:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:enterprise_communications_broker:pcz3.3:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:enterprise_session_border_controller:cz8.2:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:enterprise_session_border_controller:cz8.3:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:enterprise_session_border_controller:cz8.4:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:essbase:21.2:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:graalvm:19.3.4:*:*:*:enterprise:*:*:*
     *cpe:2.3:a:oracle:graalvm:20.3.0:*:*:*:enterprise:*:*:*
     *cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (excluding) 9.2.5.3
     *cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions up to (including) 8.0.22
     *cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:* versions up to (including) 5.7.32
     *cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:* versions from (including) 8.0.15 up to (including) 8.0.22
     *cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
Changed Reference Type
http://www.openwall.com/lists/oss-security/2021/09/14/2 No Types Assigned
http://www.openwall.com/lists/oss-security/2021/09/14/2 Mailing List, Third Party Advisory
Changed Reference Type
https://security.netapp.com/advisory/ntap-20210513-0002/ No Types Assigned
https://security.netapp.com/advisory/ntap-20210513-0002/ Third Party Advisory
Changed Reference Type
https://www.oracle.com//security-alerts/cpujul2021.html No Types Assigned
https://www.oracle.com//security-alerts/cpujul2021.html Patch, Third Party Advisory
Changed Reference Type
https://www.oracle.com/security-alerts/cpuApr2021.html No Types Assigned
https://www.oracle.com/security-alerts/cpuApr2021.html Patch, Third Party Advisory
Changed Reference Type
https://www.tenable.com/security/tns-2021-09 No Types Assigned
https://www.tenable.com/security/tns-2021-09 Third Party Advisory
Changed Reference Type
https://www.tenable.com/security/tns-2021-10 No Types Assigned
https://www.tenable.com/security/tns-2021-10 Third Party Advisory

Modified Analysis 12/15/2020 2:44:02 PM

Action Type Old Value New Value
Changed CPE Configuration
OR
     *cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
OR
     *cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
     *cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Added CVSS V2

								
							
							
						
NIST (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Removed CVSS V2
NIST (AV:N/AC:L/Au:N/C:N/I:N/A:P)

								
						
Added CVSS V3.1

								
							
							
						
NIST AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Removed CVSS V3.1
NIST AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

								
						
Changed Reference Type
https://lists.debian.org/debian-lts-announce/2020/12/msg00020.html No Types Assigned
https://lists.debian.org/debian-lts-announce/2020/12/msg00020.html Third Party Advisory
Changed Reference Type
https://lists.debian.org/debian-lts-announce/2020/12/msg00021.html No Types Assigned
https://lists.debian.org/debian-lts-announce/2020/12/msg00021.html Third Party Advisory

CVE Modified by OpenSSL Software Foundation 12/18/2020 6:15:13 AM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://security.netapp.com/advisory/ntap-20201218-0005/ [No Types Assigned]

CVE Modified by OpenSSL Software Foundation 12/23/2020 5:15:14 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://security.gentoo.org/glsa/202012-13 [No Types Assigned]

Initial Analysis 12/10/2020 9:29:27 AM

Action Type Old Value New Value
Added CPE Configuration

								
							
							
						
OR
     *cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions from (including) 1.0.2 up to (including) 1.0.2w
     *cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions from (including) 1.1.1 up to (including) 1.1.1h
Added CPE Configuration

								
							
							
						
OR
     *cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Added CVSS V2

								
							
							
						
NIST (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Added CVSS V3.1

								
							
							
						
NIST AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Added CWE

								
							
							
						
NIST CWE-476
Changed Reference Type
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e No Types Assigned
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e Broken Link
Changed Reference Type
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f960d81215ebf3f65e03d4d5d857fb9b666d6920 No Types Assigned
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f960d81215ebf3f65e03d4d5d857fb9b666d6920 Patch, Vendor Advisory
Changed Reference Type
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:33.openssl.asc No Types Assigned
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:33.openssl.asc Third Party Advisory
Changed Reference Type
https://www.debian.org/security/2020/dsa-4807 No Types Assigned
https://www.debian.org/security/2020/dsa-4807 Third Party Advisory
Changed Reference Type
https://www.openssl.org/news/secadv/20201208.txt No Types Assigned
https://www.openssl.org/news/secadv/20201208.txt Vendor Advisory

CVE Modified by OpenSSL Software Foundation 12/09/2020 7:15:16 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:33.openssl.asc [No Types Assigned]

CVE Modified by OpenSSL Software Foundation 12/20/2020 11:15:12 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWPSSZNZOBJU2YR6Z4TGHXKYW3YP5QG7/ [No Types Assigned]

CVE Modified by OpenSSL Software Foundation 12/21/2020 1:15:14 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://www.tenable.com/security/tns-2020-11 [No Types Assigned]

CVE Modified by OpenSSL Software Foundation 9/14/2021 8:15:07 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://www.openwall.com/lists/oss-security/2021/09/14/2 [No Types Assigned]

CVE Modified by OpenSSL Software Foundation 5/13/2021 2:15:08 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://security.netapp.com/advisory/ntap-20210513-0002/ [No Types Assigned]

CVE Modified by OpenSSL Software Foundation 12/15/2020 11:15:13 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DGSI34Y5LQ5RYXN4M2I5ZQT65LFVDOUU/ [No Types Assigned]

CVE Modified by OpenSSL Software Foundation 1/18/2021 2:15:12 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44676 [No Types Assigned]

CVE Modified by OpenSSL Software Foundation 12/08/2020 7:15:12 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://www.debian.org/security/2020/dsa-4807 [No Types Assigned]

CVE Modified by OpenSSL Software Foundation 12/14/2020 6:15:11 AM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://lists.debian.org/debian-lts-announce/2020/12/msg00020.html [No Types Assigned]
Added Reference

								
							
							
						
https://lists.debian.org/debian-lts-announce/2020/12/msg00021.html [No Types Assigned]

CVE Modified by OpenSSL Software Foundation 6/14/2021 2:15:23 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://www.oracle.com/security-alerts/cpuApr2021.html [No Types Assigned]

CVE Modified by OpenSSL Software Foundation 6/02/2021 3:15:08 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://www.tenable.com/security/tns-2021-10 [No Types Assigned]

CVE Modified by OpenSSL Software Foundation 7/20/2021 7:15:18 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://www.oracle.com//security-alerts/cpujul2021.html [No Types Assigned]