CVE-2020-6865

Name of the Vulnerable Software and Affected Versions ZTE SDN controller platform versions V16.19.10 through V16.19.20

Description The ZTE SDN controller platform is impacted by an information leakage issue. Due to the program's failure to optimize the response to a request failure, the caller can directly view the internal error code location of the component. Attackers could exploit this to obtain sensitive information.

Recommendations For versions V16.19.10 and V16.19.20, consider restricting access to the component until a patch is available. As a temporary workaround, avoid using the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.