Oracle Primavera Unifier 16.1/16.2/17.12/18.8/19.12 Platform XML external entity reference


A vulnerability classified as critical has been found in Oracle Primavera Unifier 16.1/16.2/17.12/18.8/19.12 (Asset Management Software). It affects unknown processing in the Platform component. Upgrading eliminates this vulnerability. A possible mitigation was published immediately after the disclosure of the vulnerability.

| Field | 11/21/2020 07:36 AM | 11/22/2020 08:57 PM | 11/22/2020 09:00 PM |
|---|---|---|---|
| vendor | Oracle | Oracle | Oracle |
| name | Primavera Unifier | Primavera Unifier | Primavera Unifier |
| cve | CVE-2015-1832 | CVE-2015-1832 | CVE-2015-1832 |
| component | Platform | Platform | Platform |
| risk | 2 | 2 | 2 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | N | N | N |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | H | H | H |
| cvss3_vuldb_i | N | N | N |
| cvss3_vuldb_a | H | H | H |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | C | C | C |
| version | 16.1/16.2/17.12/18.8/19.12 | 16.1/16.2/17.12/18.8/19.12 | 16.1/16.2/17.12/18.8/19.12 |
| url | https://www.oracle.com/security-alerts/cpuoct2020.html | https://www.oracle.com/security-alerts/cpuoct2020.html | https://www.oracle.com/security-alerts/cpuoct2020.html |
| date | 1603144800 | 1603144800 | 1603144800 |
| identifier | Oracle Critical Patch Update Advisory - October 2020 | Oracle Critical Patch Update Advisory - October 2020 | Oracle Critical Patch Update Advisory - October 2020 |
| name | Upgrade | Upgrade | Upgrade |
| date | 1603144800 | 1603144800 | 1603144800 |
| type | Asset Management Software | Asset Management Software | Asset Management Software |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | L | L | L |
| cvss2_vuldb_au | N | N | N |
| cvss2_vuldb_ci | C | C | C |
| cvss2_vuldb_ii | N | N | N |
| cvss2_vuldb_ai | C | C | C |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | ND | ND | ND |
| cvss2_vuldb_rc | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss2_vuldb_basescore | 9.4 | 9.4 | 9.4 |
| cvss2_vuldb_tempscore | 8.2 | 8.2 | 8.2 |
| cvss3_vuldb_basescore | 9.1 | 9.1 | 9.1 |
| cvss3_vuldb_tempscore | 8.7 | 8.7 | 8.7 |
| cvss3_meta_basescore | 9.1 | 9.1 | 9.1 |
| cvss3_meta_tempscore | 8.7 | 8.7 | 8.7 |
| price_0day | $5k-$25k | $5k-$25k | $5k-$25k |
| cvss2_nvd_basescore | 6.4 | 6.4 | 6.4 |
| cvss3_nvd_basescore | 9.1 | 9.1 | 9.1 |
| cve_assigned | | 1424127600 | 1424127600 |
| cve_nvd_summary | | XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving XmlVTI and the XML datatype. | XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving XmlVTI and the XML datatype. |
| confirm_url | | http://www-01.ibm.com/support/docview.wss?uid=swg21990100 | http://www-01.ibm.com/support/docview.wss?uid=swg21990100 |
| securityfocus | | 93132 | 93132 |
| cvss2_nvd_ii | | | N |
| cvss2_nvd_ai | | | P |
| cwe | | | 611 |
| cvss3_nvd_av | | | N |
| cvss3_nvd_ac | | | L |
| cvss3_nvd_pr | | | N |
| cvss3_nvd_ui | | | N |
| cvss3_nvd_s | | | U |
| cvss3_nvd_c | | | H |
| cvss3_nvd_i | | | N |
| cvss3_nvd_a | | | H |
| cvss2_nvd_av | | | N |
| cvss2_nvd_ac | | | L |
| cvss2_nvd_au | | | N |
| cvss2_nvd_ci | | | P |
