CVE-2020-6865

Published: Apr 30, 2020Modified: Jun 17, 2026

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

ZTE SDN controller platform is impacted by an information leakage vulnerability. Due to the program's failure to optimize the response of failure to the request, the caller can directly view the internal error code location of the component. Attackers could exploit this vulnerability to obtain sensitive information. This affects: OSCP versions V16.19.10 and V16.19.20.

Affected (2)

Products: Zte: Oscp

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Zte Oscp	Version 16.19.10
Zte Oscp	Version 16.19.20

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012782

Source: psirt@zte.com.cn

Vendor Advisory

http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012782

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.