Oracle Primavera Unifier 16.1/16.2/17.12/18.8/19.12 Platform xml external entity reference


A vulnerability classified as critical was found in Oracle Primavera Unifier 16.1/16.2/17.12/18.8/19.12 (Asset Management Software). This vulnerability affects an unknown function of the component Platform. Upgrading eliminates this vulnerability. A possible mitigation was published immediately after the disclosure of the vulnerability.

| Field | 11/21/2020 07:36 AM | 11/22/2020 09:07 PM | 11/22/2020 09:14 PM |
| --- | --- | --- | --- |
| vendor | Oracle | Oracle | Oracle |
| name | Primavera Unifier | Primavera Unifier | Primavera Unifier |
| cve | CVE-2017-9096 | CVE-2017-9096 | CVE-2017-9096 |
| component | Platform | Platform | Platform |
| risk | 2 | 2 | 2 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | N | N | N |
| cvss3_vuldb_ui | R | R | R |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | H | H | H |
| cvss3_vuldb_i | H | H | H |
| cvss3_vuldb_a | H | H | H |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | C | C | C |
| version | 16.1/16.2/17.12/18.8/19.12 | 16.1/16.2/17.12/18.8/19.12 | 16.1/16.2/17.12/18.8/19.12 |
| url | https://www.oracle.com/security-alerts/cpuoct2020.html | https://www.oracle.com/security-alerts/cpuoct2020.html | https://www.oracle.com/security-alerts/cpuoct2020.html |
| date | 1603144800 | 1603144800 | 1603144800 |
| identifier | Oracle Critical Patch Update Advisory - October 2020 | Oracle Critical Patch Update Advisory - October 2020 | Oracle Critical Patch Update Advisory - October 2020 |
| name | Upgrade | Upgrade | Upgrade |
| date | 1603144800 | 1603144800 | 1603144800 |
| type | Asset Management Software | Asset Management Software | Asset Management Software |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | L | L | L |
| cvss2_vuldb_au | N | N | N |
| cvss2_vuldb_ci | C | C | C |
| cvss2_vuldb_ii | C | C | C |
| cvss2_vuldb_ai | C | C | C |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | ND | ND | ND |
| cvss2_vuldb_rc | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss2_vuldb_basescore | 10.0 | 10.0 | 10.0 |
| cvss2_vuldb_tempscore | 8.7 | 8.7 | 8.7 |
| cvss3_vuldb_basescore | 8.8 | 8.8 | 8.8 |
| cvss3_vuldb_tempscore | 8.4 | 8.4 | 8.4 |
| cvss3_meta_basescore | 8.8 | 8.8 | 8.8 |
| cvss3_meta_tempscore | 8.4 | 8.4 | 8.4 |
| price_0day | $5k-$25k | $5k-$25k | $5k-$25k |
| cvss2_nvd_basescore | 6.8 | 6.8 | 6.8 |
| cvss3_nvd_basescore | 8.8 | 8.8 | 8.8 |
| cve_assigned | | 1495144800 | 1495144800 |
| cve_nvd_summary | | The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF. | The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF. |
| confirm_url | | https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us | https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us |
| cwe | | | 611 |
| cvss3_nvd_av | | | N |
| cvss3_nvd_ac | | | L |
| cvss3_nvd_pr | | | N |
| cvss3_nvd_ui | | | R |
| cvss3_nvd_s | | | U |
| cvss3_nvd_c | | | H |
| cvss3_nvd_i | | | H |
| cvss3_nvd_a | | | H |
| cvss2_nvd_av | | | N |
| cvss2_nvd_ac | | | M |
| cvss2_nvd_au | | | N |
| cvss2_nvd_ci | | | P |
| cvss2_nvd_ii | | | P |
| cvss2_nvd_ai | | | P |
