Oracle Communications Element Manager 8.2.0/8.2.1/8.2.2 deserialization

entryeditHistoryDiffjsonxmlCTI

A vulnerability was found in Oracle Communications Element Manager 8.2.0/8.2.1/8.2.2 (Cloud Software). It has been classified as critical. Affected is some unknown functionality. Upgrading eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

Field11/21/2020 07:33 AM11/22/2020 03:10 PM11/22/2020 03:14 PM
vendorOracleOracleOracle
nameCommunications Element ManagerCommunications Element ManagerCommunications Element Manager
cveCVE-2020-14195CVE-2020-14195CVE-2020-14195
risk222
cvss3_vuldb_avNNN
cvss3_vuldb_acHHH
cvss3_vuldb_prNNN
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cHHH
cvss3_vuldb_iHHH
cvss3_vuldb_aHHH
cvss3_vuldb_rlOOO
cvss3_vuldb_rcCCC
version8.2.0/8.2.1/8.2.28.2.0/8.2.1/8.2.28.2.0/8.2.1/8.2.2
urlhttps://www.oracle.com/security-alerts/cpuoct2020.htmlhttps://www.oracle.com/security-alerts/cpuoct2020.htmlhttps://www.oracle.com/security-alerts/cpuoct2020.html
date160314480016031448001603144800
identifierOracle Critical Patch Update Advisory - October 2020Oracle Critical Patch Update Advisory - October 2020Oracle Critical Patch Update Advisory - October 2020
nameUpgradeUpgradeUpgrade
date160314480016031448001603144800
typeCloud SoftwareCloud SoftwareCloud Software
cvss2_vuldb_avNNN
cvss2_vuldb_acHHH
cvss2_vuldb_auNNN
cvss2_vuldb_ciCCC
cvss2_vuldb_iiCCC
cvss2_vuldb_aiCCC
cvss2_vuldb_eNDNDND
cvss2_vuldb_rlNDNDND
cvss2_vuldb_rcNDNDND
cvss3_vuldb_eXXX
cvss2_vuldb_basescore7.67.67.6
cvss2_vuldb_tempscore6.66.66.6
cvss3_vuldb_basescore8.18.18.1
cvss3_vuldb_tempscore7.77.77.7
cvss3_meta_basescore8.18.18.1
cvss3_meta_tempscore7.77.77.7
price_0day$5k-$25k$5k-$25k$5k-$25k
cvss2_nvd_basescore6.86.86.8
cvss3_nvd_basescore8.18.18.1
confirm_urlhttps://security.netapp.com/advisory/ntap-20200702-0003/https://security.netapp.com/advisory/ntap-20200702-0003/
cve_assigned15922584001592258400
cve_nvd_summaryFasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).
cwe502
cvss3_nvd_avN
cvss3_nvd_acH
cvss3_nvd_prN
cvss3_nvd_uiN
cvss3_nvd_sU
cvss3_nvd_cH
cvss3_nvd_iH
cvss3_nvd_aH
cvss2_nvd_avN
cvss2_nvd_acM
cvss2_nvd_auN
cvss2_nvd_ciP
cvss2_nvd_iiP
cvss2_nvd_aiP

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!