Oracle Communications Services Gatekeeper 7 Media Control UI information disclosure

entryeditHistoryDiffjsonxmlCTI

A vulnerability was found in Oracle Communications Services Gatekeeper 7 (Cloud Software). It has been classified as problematic. Affected is an unknown part of the component Media Control UI. Upgrading eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

Field11/21/2020 07:36 AM11/22/2020 08:29 PM11/22/2020 08:35 PM
vendorOracleOracleOracle
nameCommunications Services GatekeeperCommunications Services GatekeeperCommunications Services Gatekeeper
cveCVE-2020-9488CVE-2020-9488CVE-2020-9488
componentMedia Control UIMedia Control UIMedia Control UI
risk222
cwe200200200
cvss3_vuldb_avNNN
cvss3_vuldb_acHHH
cvss3_vuldb_prNNN
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cLLL
cvss3_vuldb_iNNN
cvss3_vuldb_aNNN
cvss3_vuldb_rlOOO
cvss3_vuldb_rcCCC
version777
urlhttps://www.oracle.com/security-alerts/cpuoct2020.htmlhttps://www.oracle.com/security-alerts/cpuoct2020.htmlhttps://www.oracle.com/security-alerts/cpuoct2020.html
date160314480016031448001603144800
identifierOracle Critical Patch Update Advisory - October 2020Oracle Critical Patch Update Advisory - October 2020Oracle Critical Patch Update Advisory - October 2020
nameUpgradeUpgradeUpgrade
date160314480016031448001603144800
typeCloud SoftwareCloud SoftwareCloud Software
cvss2_vuldb_avNNN
cvss2_vuldb_acHHH
cvss2_vuldb_auNNN
cvss2_vuldb_ciPPP
cvss2_vuldb_iiNNN
cvss2_vuldb_aiNNN
cvss2_vuldb_eNDNDND
cvss2_vuldb_rlNDNDND
cvss2_vuldb_rcNDNDND
cvss3_vuldb_eXXX
cvss2_vuldb_basescore2.62.62.6
cvss2_vuldb_tempscore2.32.32.3
cvss3_vuldb_basescore3.73.73.7
cvss3_vuldb_tempscore3.63.63.6
cvss3_meta_basescore3.73.73.7
cvss3_meta_tempscore3.63.63.6
price_0day$5k-$25k$5k-$25k$5k-$25k
cvss2_nvd_basescore4.34.34.3
cvss3_nvd_basescore3.73.73.7
cve_assigned15830172001583017200
cve_nvd_summaryImproper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender.Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender.
confirm_urlhttps://issues.apache.org/jira/browse/LOG4J2-2819https://issues.apache.org/jira/browse/LOG4J2-2819
cvss3_nvd_avN
cvss3_nvd_acH
cvss3_nvd_prN
cvss3_nvd_uiN
cvss3_nvd_sU
cvss3_nvd_cL
cvss3_nvd_iN
cvss3_nvd_aN
cvss2_nvd_avN
cvss2_nvd_acM
cvss2_nvd_auN
cvss2_nvd_ciP
cvss2_nvd_iiN
cvss2_nvd_aiN

Interested in the pricing of exploits?

See the underground prices here!