CVE-2020-27225

Name of the Vulnerable Software and Affected Versions: Eclipse Platform versions 4.18 and earlier

Description: The Help Subsystem in the Eclipse Platform does not authenticate active help requests to the local help web server. This allows an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process.

Recommendations: For versions 4.18 and earlier, consider disabling the Help Subsystem until a patch is available to prevent unauthorized access to the local help web server. Restrict access to the local help web server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.