Oracle Communications Diameter Signaling Router up to 8.2.2 IDIH information disclosure

entryeditHistoryDiffjsonxmlCTI

A vulnerability was found in Oracle Communications Diameter Signaling Router up to 8.2.2 (Cloud Software). It has been declared as critical. This vulnerability affects some unknown functionality of the component IDIH. Upgrading eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

Field11/21/2020 07:35 AM11/22/2020 07:22 PM11/22/2020 07:25 PM
vendorOracleOracleOracle
nameCommunications Diameter Signaling RouterCommunications Diameter Signaling RouterCommunications Diameter Signaling Router
cveCVE-2019-12415CVE-2019-12415CVE-2019-12415
componentIDIHIDIHIDIH
risk222
cwe200200200
cvss3_vuldb_avLLL
cvss3_vuldb_acLLL
cvss3_vuldb_prLLL
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cHHH
cvss3_vuldb_iNNN
cvss3_vuldb_aNNN
cvss3_vuldb_rlOOO
cvss3_vuldb_rcCCC
version<=8.2.2<=8.2.2<=8.2.2
urlhttps://www.oracle.com/security-alerts/cpuoct2020.htmlhttps://www.oracle.com/security-alerts/cpuoct2020.htmlhttps://www.oracle.com/security-alerts/cpuoct2020.html
date160314480016031448001603144800
identifierOracle Critical Patch Update Advisory - October 2020Oracle Critical Patch Update Advisory - October 2020Oracle Critical Patch Update Advisory - October 2020
nameUpgradeUpgradeUpgrade
date160314480016031448001603144800
typeCloud SoftwareCloud SoftwareCloud Software
cvss2_vuldb_avLLL
cvss2_vuldb_acLLL
cvss2_vuldb_ciCCC
cvss2_vuldb_iiNNN
cvss2_vuldb_aiNNN
cvss2_vuldb_auSSS
cvss2_vuldb_eNDNDND
cvss2_vuldb_rlNDNDND
cvss2_vuldb_rcNDNDND
cvss3_vuldb_eXXX
cvss2_vuldb_basescore4.64.64.6
cvss2_vuldb_tempscore4.04.04.0
cvss3_vuldb_basescore5.55.55.5
cvss3_vuldb_tempscore5.35.35.3
cvss3_meta_basescore5.55.55.5
cvss3_meta_tempscore5.35.35.3
price_0day$0-$5k$0-$5k$0-$5k
cvss2_nvd_basescore2.12.12.1
cvss3_nvd_basescore5.55.55.5
cve_assigned15589944001558994400
cve_nvd_summaryIn Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.
cvss3_nvd_avL
cvss3_nvd_acL
cvss3_nvd_prL
cvss3_nvd_uiN
cvss3_nvd_sU
cvss3_nvd_cH
cvss3_nvd_iN
cvss3_nvd_aN
cvss2_nvd_avL
cvss2_nvd_acL
cvss2_nvd_auN
cvss2_nvd_ciP
cvss2_nvd_iiN
cvss2_nvd_aiN

Do you want to use VulDB in your project?

Use the official API to access entries easily!