What is the CVSS score of CVE-2020-37114?

CVE-2020-37114 has a CVSS 3.1 base score of 4.3 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. EPSS exploitation probability: 0.0%.

Which versions of AWS are affected by CVE-2020-37114?

Organizations using GUnet OpenEclass 1.7.3 should be aware of moderate risk from CVE-2020-37114, a information exposure vulnerability rated CVSS 4.3.

Is there a public PoC exploit available for CVE-2020-37114?

Yes, a public proof-of-concept exploit is available for CVE-2020-37114. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2020-37114?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Review data exposure and access controls.

AWS CVE-2020-37114

MEDIUM

Information Exposure (CWE-200)

2026-02-03 disclosure@vulncheck.com

Information Disclosure AWS Open Eclass Platform

4.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Feb 10, 2026 - 21:25 vuln.today

Public exploit code

CVE Published

Feb 03, 2026 - 18:16 nvd

MEDIUM 4.3

DescriptionNVD

GUnet OpenEclass 1.7.3 allows unauthenticated and authenticated users to access sensitive information, including system information, application version, and other students' uploaded assessments, due to improper access controls and information disclosure flaws in various modules. Attackers can retrieve system info, version info, and view or download other users' files without proper authorization.

AnalysisAI

Technical ContextAI

Classified as CWE-200 (Information Exposure). Affects the various component of Open Eclass Platform. GUnet OpenEclass 1.7.3 allows unauthenticated and authenticated users to access sensitive information, including system information, application version, and other students' uploaded assessments, due to improper access controls and information disclosure flaws in various modules. Attackers can retrieve system info, version info, and view or download other users' files without proper authorization.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

CVE-2020-37114 vulnerability details – vuln.today

Back

AWS CVE-2020-37114

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code