CVE-2020-18685Improper Input Validation in Atlassian Floodlight

CWE-20Improper Input Validation3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.4%
top 37.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Atlassian Floodlight
Timeline
PublishedSep 30
Latest updateMay 24

Description

Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of unchecked prerequisites related to TCP or UDP ports, or group or table IDs.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-5fp8-mw35-h972: Floodlight through 12022-05-24
CVEList
CVE-2020-18685: Floodlight through 12021-09-30
CVE-2020-18685 — Improper Input Validation in Atlassian | cvebase