Oracle Communications Diameter Signaling Router up to 8.2.2 IDIH deserialization


A vulnerability was found in Oracle Communications Diameter Signaling Router up to 8.2.2 (Cloud Software) and classified as critical. This issue affects an unknown functionality of the component IDIH. Upgrading eliminates this vulnerability. A possible mitigation was published immediately after the disclosure of the vulnerability.

| Field | 11/21/2020 07:33 AM | 11/22/2020 03:02 PM | 11/22/2020 03:07 PM |
|---|---|---|---|
| vendor | Oracle | Oracle | Oracle |
| name | Communications Diameter Signaling Router | Communications Diameter Signaling Router | Communications Diameter Signaling Router |
| cve | CVE-2020-14195 | CVE-2020-14195 | CVE-2020-14195 |
| component | IDIH | IDIH | IDIH |
| risk | 2 | 2 | 2 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | H | H | H |
| cvss3_vuldb_pr | N | N | N |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | H | H | H |
| cvss3_vuldb_i | H | H | H |
| cvss3_vuldb_a | H | H | H |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | C | C | C |
| version | <=8.2.2 | <=8.2.2 | <=8.2.2 |
| url | https://www.oracle.com/security-alerts/cpuoct2020.html | https://www.oracle.com/security-alerts/cpuoct2020.html | https://www.oracle.com/security-alerts/cpuoct2020.html |
| date | 1603144800 | 1603144800 | 1603144800 |
| identifier | Oracle Critical Patch Update Advisory - October 2020 | Oracle Critical Patch Update Advisory - October 2020 | Oracle Critical Patch Update Advisory - October 2020 |
| name | Upgrade | Upgrade | Upgrade |
| date | 1603144800 | 1603144800 | 1603144800 |
| type | Cloud Software | Cloud Software | Cloud Software |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | H | H | H |
| cvss2_vuldb_au | N | N | N |
| cvss2_vuldb_ci | C | C | C |
| cvss2_vuldb_ii | C | C | C |
| cvss2_vuldb_ai | C | C | C |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | ND | ND | ND |
| cvss2_vuldb_rc | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss2_vuldb_basescore | 7.6 | 7.6 | 7.6 |
| cvss2_vuldb_tempscore | 6.6 | 6.6 | 6.6 |
| cvss3_vuldb_basescore | 8.1 | 8.1 | 8.1 |
| cvss3_vuldb_tempscore | 7.7 | 7.7 | 7.7 |
| cvss3_meta_basescore | 8.1 | 8.1 | 8.1 |
| cvss3_meta_tempscore | 7.7 | 7.7 | 7.7 |
| price_0day | $5k-$25k | $5k-$25k | $5k-$25k |
| cvss2_nvd_basescore | 6.8 | 6.8 | 6.8 |
| cvss3_nvd_basescore | 8.1 | 8.1 | 8.1 |
| cve_assigned | | 1592258400 | 1592258400 |
| cve_nvd_summary | | FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity). | FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity). |
| confirm_url | | https://security.netapp.com/advisory/ntap-20200702-0003/ | https://security.netapp.com/advisory/ntap-20200702-0003/ |
| cwe | | | 502 |
| cvss3_nvd_av | | | N |
| cvss3_nvd_ac | | | H |
| cvss3_nvd_pr | | | N |
| cvss3_nvd_ui | | | N |
| cvss3_nvd_s | | | U |
| cvss3_nvd_c | | | H |
| cvss3_nvd_i | | | H |
| cvss3_nvd_a | | | H |
| cvss2_nvd_av | | | N |
| cvss2_nvd_ac | | | M |
| cvss2_nvd_au | | | N |
| cvss2_nvd_ci | | | P |
| cvss2_nvd_ii | | | P |
| cvss2_nvd_ai | | | P |
