Oracle Communications Evolved Communications Application Server Universal Data Record deserialization


A vulnerability was found in Oracle Communications Evolved Communications Application Server 7.1 (Cloud Software). It has been declared as critical. The vulnerability affects an unknown part of the Universal Data Record component. Upgrading eliminates this vulnerability. A possible mitigation was published immediately after the disclosure of the vulnerability.

| Field | 11/21/2020 07:33 AM | 11/22/2020 03:16 PM | 11/22/2020 03:22 PM |
| --- | --- | --- | --- |
| vendor | Oracle | Oracle | Oracle |
| name | Communications Evolved Communications Application Server | Communications Evolved Communications Application Server | Communications Evolved Communications Application Server |
| cve | CVE-2020-14195 | CVE-2020-14195 | CVE-2020-14195 |
| component | Universal Data Record | Universal Data Record | Universal Data Record |
| risk | 2 | 2 | 2 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | H | H | H |
| cvss3_vuldb_pr | N | N | N |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | H | H | H |
| cvss3_vuldb_i | H | H | H |
| cvss3_vuldb_a | H | H | H |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | C | C | C |
| version | 7.1 | 7.1 | 7.1 |
| url | https://www.oracle.com/security-alerts/cpuoct2020.html | https://www.oracle.com/security-alerts/cpuoct2020.html | https://www.oracle.com/security-alerts/cpuoct2020.html |
| date | 1603144800 | 1603144800 | 1603144800 |
| identifier | Oracle Critical Patch Update Advisory - October 2020 | Oracle Critical Patch Update Advisory - October 2020 | Oracle Critical Patch Update Advisory - October 2020 |
| name | Upgrade | Upgrade | Upgrade |
| date | 1603144800 | 1603144800 | 1603144800 |
| type | Cloud Software | Cloud Software | Cloud Software |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | H | H | H |
| cvss2_vuldb_au | N | N | N |
| cvss2_vuldb_ci | C | C | C |
| cvss2_vuldb_ii | C | C | C |
| cvss2_vuldb_ai | C | C | C |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | ND | ND | ND |
| cvss2_vuldb_rc | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss2_vuldb_basescore | 7.6 | 7.6 | 7.6 |
| cvss2_vuldb_tempscore | 6.6 | 6.6 | 6.6 |
| cvss3_vuldb_basescore | 8.1 | 8.1 | 8.1 |
| cvss3_vuldb_tempscore | 7.7 | 7.7 | 7.7 |
| cvss3_meta_basescore | 8.1 | 8.1 | 8.1 |
| cvss3_meta_tempscore | 7.7 | 7.7 | 7.7 |
| price_0day | $5k-$25k | $5k-$25k | $5k-$25k |
| cvss2_nvd_basescore | 6.8 | 6.8 | 6.8 |
| cvss3_nvd_basescore | 8.1 | 8.1 | 8.1 |
| cve_assigned | | 1592258400 | 1592258400 |
| cve_nvd_summary | | FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity). | FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity). |
| confirm_url | | https://security.netapp.com/advisory/ntap-20200702-0003/ | https://security.netapp.com/advisory/ntap-20200702-0003/ |
| cwe | | | 502 |
| cvss3_nvd_av | | | N |
| cvss3_nvd_ac | | | H |
| cvss3_nvd_pr | | | N |
| cvss3_nvd_ui | | | N |
| cvss3_nvd_s | | | U |
| cvss3_nvd_c | | | H |
| cvss3_nvd_i | | | H |
| cvss3_nvd_a | | | H |
| cvss2_nvd_av | | | N |
| cvss2_nvd_ac | | | M |
| cvss2_nvd_au | | | N |
| cvss2_nvd_ci | | | P |
| cvss2_nvd_ii | | | P |
| cvss2_nvd_ai | | | P |
