Oracle Communications Element Manager 8.2.0/8.2.1/8.2.2 denial of service

A vulnerability, which was classified as critical, was found in Oracle Communications Element Manager 8.2.0/8.2.1/8.2.2 (Cloud Software). Affected is an unknown functionality. Upgrading eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

Field	11/21/2020 07:34 AM	11/22/2020 04:00 PM	11/22/2020 04:06 PM
vendor	Oracle	Oracle	Oracle
name	Communications Element Manager	Communications Element Manager	Communications Element Manager
cve	CVE-2019-12402	CVE-2019-12402	CVE-2019-12402
risk	2	2	2
cwe	404 (denial of service)	404 (denial of service)	404 (denial of service)
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	N	N	N
cvss3_vuldb_a	H	H	H
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	C	C	C
version	8.2.0/8.2.1/8.2.2	8.2.0/8.2.1/8.2.2	8.2.0/8.2.1/8.2.2
url	https://www.oracle.com/security-alerts/cpuoct2020.html	https://www.oracle.com/security-alerts/cpuoct2020.html	https://www.oracle.com/security-alerts/cpuoct2020.html
date	1603144800 (10/20/2020)	1603144800 (10/20/2020)	1603144800 (10/20/2020)
identifier	Oracle Critical Patch Update Advisory - October 2020	Oracle Critical Patch Update Advisory - October 2020	Oracle Critical Patch Update Advisory - October 2020
name	Upgrade	Upgrade	Upgrade
date	1603144800 (10/20/2020)	1603144800 (10/20/2020)	1603144800 (10/20/2020)
type	Cloud Software	Cloud Software	Cloud Software
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	N	N	N
cvss2_vuldb_ai	C	C	C
cvss2_vuldb_e	ND	ND	ND
cvss2_vuldb_rl	ND	ND	ND
cvss2_vuldb_rc	ND	ND	ND
cvss3_vuldb_e	X	X	X
cvss2_vuldb_basescore	7.8	7.8	7.8
cvss2_vuldb_tempscore	6.8	6.8	6.8
cvss3_vuldb_basescore	7.5	7.5	7.5
cvss3_vuldb_tempscore	7.2	7.2	7.2
cvss3_meta_basescore	7.5	7.5	7.5
cvss3_meta_tempscore	7.2	7.2	7.2
price_0day	$5k-$25k	$5k-$25k	$5k-$25k
cvss2_nvd_basescore	5.0	5.0	5.0
cvss3_nvd_basescore	7.5	7.5	7.5
cve_assigned		1558994400	1558994400
cve_nvd_summary		The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.	The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			N
cvss3_nvd_i			N
cvss3_nvd_a			H
cvss2_nvd_av			N
cvss2_nvd_ac			L
cvss2_nvd_au			N
cvss2_nvd_ci			N
cvss2_nvd_ii			N
cvss2_nvd_ai			P

◂ Previous Overview Next ▸

Do you know our Splunk app?

Download it now for free!