Oracle Communications Session Route Manager 8.2.0/8.2.1/8.2.2 xml external entity reference

entryeditHistoryDiffjsonxmlCTI

A vulnerability classified as very critical has been found in Oracle Communications Session Route Manager 8.2.0/8.2.1/8.2.2 (Cloud Software). Affected is an unknown part. Upgrading eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

Field11/21/2020 07:33 AM11/22/2020 02:08 PM11/22/2020 02:13 PM
vendorOracleOracleOracle
nameCommunications Session Route ManagerCommunications Session Route ManagerCommunications Session Route Manager
cveCVE-2019-13990CVE-2019-13990CVE-2019-13990
risk222
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_prNNN
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cHHH
cvss3_vuldb_iHHH
cvss3_vuldb_aHHH
cvss3_vuldb_rlOOO
cvss3_vuldb_rcCCC
version8.2.0/8.2.1/8.2.28.2.0/8.2.1/8.2.28.2.0/8.2.1/8.2.2
urlhttps://www.oracle.com/security-alerts/cpuoct2020.htmlhttps://www.oracle.com/security-alerts/cpuoct2020.htmlhttps://www.oracle.com/security-alerts/cpuoct2020.html
date1603144800 (10/20/2020)1603144800 (10/20/2020)1603144800 (10/20/2020)
identifierOracle Critical Patch Update Advisory - October 2020Oracle Critical Patch Update Advisory - October 2020Oracle Critical Patch Update Advisory - October 2020
nameUpgradeUpgradeUpgrade
date1603144800 (10/20/2020)1603144800 (10/20/2020)1603144800 (10/20/2020)
typeCloud SoftwareCloud SoftwareCloud Software
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cvss2_vuldb_auNNN
cvss2_vuldb_ciCCC
cvss2_vuldb_iiCCC
cvss2_vuldb_aiCCC
cvss2_vuldb_eNDNDND
cvss2_vuldb_rlNDNDND
cvss2_vuldb_rcNDNDND
cvss3_vuldb_eXXX
cvss2_vuldb_basescore10.010.010.0
cvss2_vuldb_tempscore8.78.78.7
cvss3_vuldb_basescore9.89.89.8
cvss3_vuldb_tempscore9.49.49.4
cvss3_meta_basescore9.89.89.8
cvss3_meta_tempscore9.49.49.4
price_0day$5k-$25k$5k-$25k$5k-$25k
cvss2_nvd_basescore7.57.57.5
cvss3_nvd_basescore9.89.89.8
cve_assigned15634872001563487200
cve_nvd_summaryinitDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.
cwe00611 (XML External Entity)
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prN
cvss3_nvd_uiN
cvss3_nvd_sU
cvss3_nvd_cH
cvss3_nvd_iH
cvss3_nvd_aH
cvss2_nvd_avN
cvss2_nvd_acL
cvss2_nvd_auN
cvss2_nvd_ciP
cvss2_nvd_iiP
cvss2_nvd_aiP

Do you know our Splunk app?

Download it now for free!