CVE-2020-27225

CVE-2020-27225

Vendor The Eclipse Foundation
Product Eclipse Platform
Weakness CWE-306 · Missing auth
Published March 9, 2021
Last update August 4, 2024

CVSS base score

What the vulnerability does

01Description

In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process.

Key dates

02Disclosure timeline

March 9, 2021 CVE published
August 4, 2024 Record updated