Oracle Communications Element Manager 8.2.0/8.2.1/8.2.2 information disclosure


A vulnerability was found in Oracle Communications Element Manager 8.2.0/8.2.1/8.2.2 (Cloud Software). It has been classified as critical. The affected processing is unknown. Upgrading eliminates this vulnerability. A possible mitigation was published immediately after the disclosure of the vulnerability.

| Field | 11/21/2020 07:34 AM | 11/22/2020 05:41 PM | 11/22/2020 05:46 PM |
|---|---|---|---|
| version | 8.2.0/8.2.1/8.2.2 | 8.2.0/8.2.1/8.2.2 | 8.2.0/8.2.1/8.2.2 |
| url | https://www.oracle.com/security-alerts/cpuoct2020.html | https://www.oracle.com/security-alerts/cpuoct2020.html | https://www.oracle.com/security-alerts/cpuoct2020.html |
| date | 1603144800 | 1603144800 | 1603144800 |
| identifier | Oracle Critical Patch Update Advisory - October 2020 | Oracle Critical Patch Update Advisory - October 2020 | Oracle Critical Patch Update Advisory - October 2020 |
| name | Upgrade | Upgrade | Upgrade |
| date | 1603144800 | 1603144800 | 1603144800 |
| vendor | Oracle | Oracle | Oracle |
| name | Communications Element Manager | Communications Element Manager | Communications Element Manager |
| cve | CVE-2020-5408 | CVE-2020-5408 | CVE-2020-5408 |
| risk | 2 | 2 | 2 |
| cwe | 200 | 200 | 200 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | L | L | L |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | H | H | H |
| cvss3_vuldb_i | N | N | N |
| cvss3_vuldb_a | N | N | N |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | C | C | C |
| type | Cloud Software | Cloud Software | Cloud Software |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | L | L | L |
| cvss2_vuldb_ci | C | C | C |
| cvss2_vuldb_ii | N | N | N |
| cvss2_vuldb_ai | N | N | N |
| cvss2_vuldb_au | S | S | S |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | ND | ND | ND |
| cvss2_vuldb_rc | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss2_vuldb_basescore | 6.8 | 6.8 | 6.8 |
| cvss2_vuldb_tempscore | 5.9 | 5.9 | 5.9 |
| cvss3_vuldb_basescore | 6.5 | 6.5 | 6.5 |
| cvss3_vuldb_tempscore | 6.2 | 6.2 | 6.2 |
| cvss3_meta_basescore | 6.5 | 6.5 | 6.5 |
| cvss3_meta_tempscore | 6.2 | 6.2 | 6.2 |
| price_0day | $5k-$25k | $5k-$25k | $5k-$25k |
| cvss2_nvd_basescore | 4.0 | 4.0 | 4.0 |
| cvss3_nvd_basescore | 6.5 | 6.5 | 6.5 |
| cve_assigned | | 1578006000 | 1578006000 |
| cve_nvd_summary | | Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack. | Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack. |
| confirm_url | | https://tanzu.vmware.com/security/cve-2020-5408 | https://tanzu.vmware.com/security/cve-2020-5408 |
| cvss3_nvd_av | | | N |
| cvss3_nvd_ac | | | L |
| cvss3_nvd_pr | | | L |
| cvss3_nvd_ui | | | N |
| cvss3_nvd_s | | | U |
| cvss3_nvd_c | | | H |
| cvss3_nvd_i | | | N |
| cvss3_nvd_a | | | N |
| cvss2_nvd_av | | | N |
| cvss2_nvd_ac | | | L |
| cvss2_nvd_au | | | S |
| cvss2_nvd_ci | | | P |
| cvss2_nvd_ii | | | N |
| cvss2_nvd_ai | | | N |
