Oracle Communications Element Manager 8.2.0/8.2.1/8.2.2 information disclosure

entryeditHistoryDiffjsonxmlCTI

A vulnerability, which was classified as critical, has been found in Oracle Communications Element Manager 8.2.0/8.2.1/8.2.2 (Cloud Software). Affected by this issue is some unknown processing. Upgrading eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

Field

Commit Conf

Approve Conf

IDCommitedUserFieldChangeRemarksModeratedReasonC
1064767411/22/2020VulD...cvss2_nvd_aiNnvd.nist.gov11/22/2020accepted70
1064767311/22/2020VulD...cvss2_nvd_iiNnvd.nist.gov11/22/2020accepted70
1064767211/22/2020VulD...cvss2_nvd_ciPnvd.nist.gov11/22/2020accepted70
1064767111/22/2020VulD...cvss2_nvd_auNnvd.nist.gov11/22/2020accepted70
1064767011/22/2020VulD...cvss2_nvd_acMnvd.nist.gov11/22/2020accepted70
1064766911/22/2020VulD...cvss2_nvd_avAnvd.nist.gov11/22/2020accepted70
1064766811/22/2020VulD...cvss3_nvd_aNnvd.nist.gov11/22/2020accepted70
1064766711/22/2020VulD...cvss3_nvd_iNnvd.nist.gov11/22/2020accepted70
1064766611/22/2020VulD...cvss3_nvd_cHnvd.nist.gov11/22/2020accepted70
1064766511/22/2020VulD...cvss3_nvd_sUnvd.nist.gov11/22/2020accepted70
1064766411/22/2020VulD...cvss3_nvd_uiNnvd.nist.gov11/22/2020accepted70
1064766311/22/2020VulD...cvss3_nvd_prNnvd.nist.gov11/22/2020accepted70
1064766211/22/2020VulD...cvss3_nvd_acHnvd.nist.gov11/22/2020accepted70
1064766111/22/2020VulD...cvss3_nvd_avAnvd.nist.gov11/22/2020accepted70
1064766011/22/2020VulD...cve_nvd_summaryApache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory‘ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX.cve.mitre.org11/22/2020accepted70
1064765911/22/2020VulD...cve_assigned1575241200cve.mitre.org11/22/2020accepted70
1064767611/21/2020VulD...cvss3_nvd_basescore5.3nist.gov11/21/2020accepted90
1064767511/21/2020VulD...cvss2_nvd_basescore2.9nist.gov11/21/2020accepted90
1053906410/21/2020VulD...price_0day$5k-$25ksee documentation10/21/2020accepted90
1053906310/21/2020VulD...cvss3_meta_tempscore5.1see documentation10/21/2020accepted90

Do you want to use VulDB in your project?

Use the official API to access entries easily!