Oracle Primavera Unifier 16.1/16.2/17.12/18.8/19.12 Platform xml external entity reference

entryeditHistoryDiffjsonxmlCTI

A vulnerability classified as critical was found in Oracle Primavera Unifier 16.1/16.2/17.12/18.8/19.12 (Asset Management Software). This vulnerability affects an unknown function of the component Platform. Upgrading eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

Field

Commit Conf

Approve Conf

IDCommitedUserFieldChangeRemarksModeratedReasonC
1064783011/22/2020VulD...cvss2_nvd_aiPnvd.nist.gov11/22/2020accepted70
1064782911/22/2020VulD...cvss2_nvd_iiPnvd.nist.gov11/22/2020accepted70
1064782811/22/2020VulD...cvss2_nvd_ciPnvd.nist.gov11/22/2020accepted70
1064782711/22/2020VulD...cvss2_nvd_auNnvd.nist.gov11/22/2020accepted70
1064782611/22/2020VulD...cvss2_nvd_acMnvd.nist.gov11/22/2020accepted70
1064782511/22/2020VulD...cvss2_nvd_avNnvd.nist.gov11/22/2020accepted70
1064782411/22/2020VulD...cvss3_nvd_aHnvd.nist.gov11/22/2020accepted70
1064782311/22/2020VulD...cvss3_nvd_iHnvd.nist.gov11/22/2020accepted70
1064782211/22/2020VulD...cvss3_nvd_cHnvd.nist.gov11/22/2020accepted70
1064782111/22/2020VulD...cvss3_nvd_sUnvd.nist.gov11/22/2020accepted70
1064782011/22/2020VulD...cvss3_nvd_uiRnvd.nist.gov11/22/2020accepted70
1064781911/22/2020VulD...cvss3_nvd_prNnvd.nist.gov11/22/2020accepted70
1064781811/22/2020VulD...cvss3_nvd_acLnvd.nist.gov11/22/2020accepted70
1064781711/22/2020VulD...cvss3_nvd_avNnvd.nist.gov11/22/2020accepted70
1064781611/22/2020VulD...cwe611 (XML External Entity)nvd.nist.gov11/22/2020accepted70
1064781511/22/2020VulD...confirm_urlhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_uscve.mitre.org11/22/2020accepted70
1064781411/22/2020VulD...cve_nvd_summaryThe XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF.cve.mitre.org11/22/2020accepted70
1064781311/22/2020VulD...cve_assigned1495144800cve.mitre.org11/22/2020accepted70
1064783311/21/2020VulD...cvss3_nvd_basescore8.8nist.gov11/21/2020accepted90
1064783211/21/2020VulD...cvss2_nvd_basescore6.8nist.gov11/21/2020accepted90

Want to stay up to date on a daily basis?

Enable the mail alert feature now!