How severe is CVE-2020-14341?

This vulnerability has a severity rating of LOW with a CVSS score of 2.7 out of 10.

What type of vulnerability is CVE-2020-14341?

This is classified as CWE-385, which is a common weakness in software security.

CVE-2020-14341 - LOW Severity | CVSS 2.7

Vulnerability Description

The "Test Connection" available in v7.x of the Red Hat Single Sign On application console can permit an authorized user to cause SMTP connections to be attempted to arbitrary hosts and ports of the user's choosing, and originating from the RHSSO installation. By observing differences in the timings of these scans, an attacker may glean information about hosts and ports which they do not have access to scan directly.

Related Vulnerabilities

CVE-2023-33855

LOW

CVSS:3.7(Low)

Under certain conditions, RSA operations performed by IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 may exhibit non-constant-time behavior. This could allow a remote attacker to obt...

CWE-3852023

CVE-2024-13176

MEDIUM

CVSS:4.1(Medium)

Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature comput...

CWE-3852024

CVE-2020-29506

CRITICAL

CVSS:9.8(Critical)

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability.

CWE-3852020

CVE-2020-35166

CRITICAL

CVSS:9.8(Critical)

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.

CWE-3852020

CVE-2020-35164

HIGH

CVSS:8.1(High)

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.

CWE-3852020

CVE-2022-24409

HIGH

CVSS:7.5(High)

Dell BSAFE SSL-J contains remediation for a covert timing channel vulnerability that may be exploited by malicious users to compromise the affected system. Only customers with active BSAFE maintenance...

CWE-3852022