Oracle Communications Session Report Manager 8.2.0/8.2.1/8.2.2 information disclosure


A vulnerability classified as critical was found in Oracle Communications Session Report Manager 8.2.0/8.2.1/8.2.2 (Cloud Software). This affects an unknown function. Upgrading eliminates this vulnerability. A possible mitigation was published immediately after the disclosure of the vulnerability.

| Field | 11/21/2020 07:35 AM | 11/22/2020 08:02 PM | 11/22/2020 08:09 PM |
|---|---|---|---|
| vendor | Oracle | Oracle | Oracle |
| name | Communications Session Report Manager | Communications Session Report Manager | Communications Session Report Manager |
| cve | CVE-2020-1954 | CVE-2020-1954 | CVE-2020-1954 |
| risk | 2 | 2 | 2 |
| cwe | 200 | 200 | 200 |
| cvss3_vuldb_av | A | A | A |
| cvss3_vuldb_ac | H | H | H |
| cvss3_vuldb_pr | N | N | N |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | H | H | H |
| cvss3_vuldb_i | N | N | N |
| cvss3_vuldb_a | N | N | N |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | C | C | C |
| version | 8.2.0/8.2.1/8.2.2 | 8.2.0/8.2.1/8.2.2 | 8.2.0/8.2.1/8.2.2 |
| url | https://www.oracle.com/security-alerts/cpuoct2020.html | https://www.oracle.com/security-alerts/cpuoct2020.html | https://www.oracle.com/security-alerts/cpuoct2020.html |
| date | 1603144800 | 1603144800 | 1603144800 |
| identifier | Oracle Critical Patch Update Advisory - October 2020 | Oracle Critical Patch Update Advisory - October 2020 | Oracle Critical Patch Update Advisory - October 2020 |
| name | Upgrade | Upgrade | Upgrade |
| date | 1603144800 | 1603144800 | 1603144800 |
| type | Cloud Software | Cloud Software | Cloud Software |
| cvss2_vuldb_av | A | A | A |
| cvss2_vuldb_ac | H | H | H |
| cvss2_vuldb_au | N | N | N |
| cvss2_vuldb_ci | C | C | C |
| cvss2_vuldb_ii | N | N | N |
| cvss2_vuldb_ai | N | N | N |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | ND | ND | ND |
| cvss2_vuldb_rc | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss2_vuldb_basescore | 4.6 | 4.6 | 4.6 |
| cvss2_vuldb_tempscore | 4.0 | 4.0 | 4.0 |
| cvss3_vuldb_basescore | 5.3 | 5.3 | 5.3 |
| cvss3_vuldb_tempscore | 5.1 | 5.1 | 5.1 |
| cvss3_meta_basescore | 5.3 | 5.3 | 5.3 |
| cvss3_meta_tempscore | 5.1 | 5.1 | 5.1 |
| price_0day | $5k-$25k | $5k-$25k | $5k-$25k |
| cvss2_nvd_basescore | 2.9 | 2.9 | 2.9 |
| cvss3_nvd_basescore | 5.3 | 5.3 | 5.3 |
| cve_assigned | | 1575241200 | 1575241200 |
| cve_nvd_summary | | Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory’ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX. | Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory’ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX. |
| cvss3_nvd_av | | | A |
| cvss3_nvd_ac | | | H |
| cvss3_nvd_pr | | | N |
| cvss3_nvd_ui | | | N |
| cvss3_nvd_s | | | U |
| cvss3_nvd_c | | | H |
| cvss3_nvd_i | | | N |
| cvss3_nvd_a | | | N |
| cvss2_nvd_av | | | A |
| cvss2_nvd_ac | | | M |
| cvss2_nvd_au | | | N |
| cvss2_nvd_ci | | | P |
| cvss2_nvd_ii | | | N |
| cvss2_nvd_ai | | | N |
