Oracle Primavera Unifier 16.1/16.2/17.12/18.8/19.12 Platform XML External Entity

Una vulnerabilidad clasificada como crítica ha sido encontrada en Oracle Primavera Unifier 16.1/16.2/17.12/18.8/19.12 (Asset Management Software). Una función desconocida del componente Platform es afectada por esta vulnerabilidad. Una actualización elimina esta vulnerabilidad. Una solución posible ha sido publicada inmediatamente después de la publicación de la vulnerabilidad.

Field	2020-11-21 07:36 AM	2020-11-22 09:07 PM	2020-11-22 09:14 PM
vendor	Oracle	Oracle	Oracle
name	Primavera Unifier	Primavera Unifier	Primavera Unifier
cve	CVE-2017-9096	CVE-2017-9096	CVE-2017-9096
component	Platform	Platform	Platform
risk	2	2	2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	R	R	R
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	H	H	H
cvss3_vuldb_i	H	H	H
cvss3_vuldb_a	H	H	H
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	C	C	C
version	16.1/16.2/17.12/18.8/19.12	16.1/16.2/17.12/18.8/19.12	16.1/16.2/17.12/18.8/19.12
url	https://www.oracle.com/security-alerts/cpuoct2020.html	https://www.oracle.com/security-alerts/cpuoct2020.html	https://www.oracle.com/security-alerts/cpuoct2020.html
date	1603144800 (2020-10-20)	1603144800 (2020-10-20)	1603144800 (2020-10-20)
identifier	Oracle Critical Patch Update Advisory - October 2020	Oracle Critical Patch Update Advisory - October 2020	Oracle Critical Patch Update Advisory - October 2020
name	Upgrade	Upgrade	Upgrade
date	1603144800 (2020-10-20)	1603144800 (2020-10-20)	1603144800 (2020-10-20)
type	Asset Management Software	Asset Management Software	Asset Management Software
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	C	C	C
cvss2_vuldb_ii	C	C	C
cvss2_vuldb_ai	C	C	C
cvss2_vuldb_e	ND	ND	ND
cvss2_vuldb_rl	ND	ND	ND
cvss2_vuldb_rc	ND	ND	ND
cvss3_vuldb_e	X	X	X
cvss2_vuldb_basescore	10.0	10.0	10.0
cvss2_vuldb_tempscore	8.7	8.7	8.7
cvss3_vuldb_basescore	8.8	8.8	8.8
cvss3_vuldb_tempscore	8.4	8.4	8.4
cvss3_meta_basescore	8.8	8.8	8.8
cvss3_meta_tempscore	8.4	8.4	8.4
price_0day	$5k-$25k	$5k-$25k	$5k-$25k
cvss2_nvd_basescore	6.8	6.8	6.8
cvss3_nvd_basescore	8.8	8.8	8.8
cve_assigned		1495144800	1495144800
cve_nvd_summary		The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF.	The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF.
confirm_url		https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us
cwe	0	0	611 (XML External Entity)
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			R
cvss3_nvd_s			U
cvss3_nvd_c			H
cvss3_nvd_i			H
cvss3_nvd_a			H
cvss2_nvd_av			N
cvss2_nvd_ac			M
cvss2_nvd_au			N
cvss2_nvd_ci			P
cvss2_nvd_ii			P
cvss2_nvd_ai			P

◂ Previous Visión de conjunto Next ▸

Do you need the next level of professionalism?

Upgrade your account now!