CVE-2020-26217 in Endeca Information Discovery Studio

Summary

XStream before version 1.4.14 is vulnerable to Remote Code Execution. The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14.

Responsible

GitHub, Inc.

Reservation

10/01/2020

Disclosure

11/17/2020

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:
