CVE-2020-18685

9.8CRITICAL

Key Information

Vendor: Atlassian
Status: Floodlight
Vendor: CVE Published:; 30 September 2021

Summary

Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of unchecked prerequisites related to TCP or UDP ports, or group or table IDs.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Sep 30, 2021
Vulnerability Reserved.
Aug 13, 2020

Collectors

NVD DatabaseMitre Database