From 7e9fa446dcbbba6e34018f52d3c717de0dfa7125 Mon Sep 17 00:00:00 2001
From: Bishop
Date: Tue, 7 Jul 2020 06:13:28 +0000
Subject: [PATCH] Add CVE-2020-12033
---
database/java/2020/12033.yaml | 15 +++++++++++++++
1 file changed, 15 insertions(+)
create mode 100644 database/java/2020/12033.yaml
diff --git a/database/java/2020/12033.yaml b/database/java/2020/12033.yaml
new file mode 100644
index 0000000000..8e2fdee3cb
--- /dev/null
+++ b/database/java/2020/12033.yaml
@@ -0,0 +1,15 @@
+---
+cve: 2020-12033
+title: CVE in org.ctoolkit.services:ctoolkit-services-upload
+description: >
+ In Rockwell Automation FactoryTalk Services Platform, all versions, the redundancy host service (RdcyHost.exe) does not validate supplied identifiers, which could allow an unauthenticated, adjacent attacker to execute remote COM objects with elevated privileges.
+cvss_v2: 5.8
+references:
+ - https://www.us-cert.gov/ics/advisories/icsa-20-170-04
+affected:
+ - groupId: org.ctoolkit.services
+ artifactId: ctoolkit-services-upload
+ version:
+ []
+ fixedin:
+ - ">=0.5"
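Review bot: The `affected` block names the Maven artifact `org.ctoolkit.services:ctoolkit-services-upload`, but the `description` and the only entry under `references` are about Rockwell Automation FactoryTalk Services Platform and its `RdcyHost.exe` service; nothing in the file ties this CVE to the Java artifact. If scanners consume this entry, users of that artifact would probably get a false-positive finding, and the unrelated ICS advisory gives them nothing to act on. Either drop the file or add a reference that shows the link, e.g. `- <upstream advisory or fix commit for ctoolkit-services-upload>` (placeholder), and reword `title` to name the actual flaw. Separately, `version: []` alongside `fixedin: ">=0.5"` leaves the affected range empty, so it is worth confirming against the database schema whether this entry can match any version at all.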