Oracle Primavera Unifier 16.1/16.2/17.12/18.8/19.12 Platform XML External Entity


A vulnerability classified as critical has been found in Oracle Primavera Unifier 16.1/16.2/17.12/18.8/19.12 (Asset Management Software). An unknown function of the Platform component is affected by this vulnerability. An upgrade eliminates this vulnerability. A possible mitigation was published immediately after the disclosure of the vulnerability.

| Field | 2020-11-21 07:36 AM | 2020-11-22 09:07 PM | 2020-11-22 09:14 PM |
| --- | --- | --- | --- |
| vendor | Oracle | Oracle | Oracle |
| name | Primavera Unifier | Primavera Unifier | Primavera Unifier |
| cve | CVE-2017-9096 | CVE-2017-9096 | CVE-2017-9096 |
| component | Platform | Platform | Platform |
| risk | 2 | 2 | 2 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | N | N | N |
| cvss3_vuldb_ui | R | R | R |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | H | H | H |
| cvss3_vuldb_i | H | H | H |
| cvss3_vuldb_a | H | H | H |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | C | C | C |
| version | 16.1/16.2/17.12/18.8/19.12 | 16.1/16.2/17.12/18.8/19.12 | 16.1/16.2/17.12/18.8/19.12 |
| url | https://www.oracle.com/security-alerts/cpuoct2020.html | https://www.oracle.com/security-alerts/cpuoct2020.html | https://www.oracle.com/security-alerts/cpuoct2020.html |
| date | 1603144800 (2020-10-20) | 1603144800 (2020-10-20) | 1603144800 (2020-10-20) |
| identifier | Oracle Critical Patch Update Advisory - October 2020 | Oracle Critical Patch Update Advisory - October 2020 | Oracle Critical Patch Update Advisory - October 2020 |
| name | Upgrade | Upgrade | Upgrade |
| date | 1603144800 (2020-10-20) | 1603144800 (2020-10-20) | 1603144800 (2020-10-20) |
| type | Asset Management Software | Asset Management Software | Asset Management Software |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | L | L | L |
| cvss2_vuldb_au | N | N | N |
| cvss2_vuldb_ci | C | C | C |
| cvss2_vuldb_ii | C | C | C |
| cvss2_vuldb_ai | C | C | C |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | ND | ND | ND |
| cvss2_vuldb_rc | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss2_vuldb_basescore | 10.0 | 10.0 | 10.0 |
| cvss2_vuldb_tempscore | 8.7 | 8.7 | 8.7 |
| cvss3_vuldb_basescore | 8.8 | 8.8 | 8.8 |
| cvss3_vuldb_tempscore | 8.4 | 8.4 | 8.4 |
| cvss3_meta_basescore | 8.8 | 8.8 | 8.8 |
| cvss3_meta_tempscore | 8.4 | 8.4 | 8.4 |
| price_0day | $5k-$25k | $5k-$25k | $5k-$25k |
| cvss2_nvd_basescore | 6.8 | 6.8 | 6.8 |
| cvss3_nvd_basescore | 8.8 | 8.8 | 8.8 |
| cve_assigned | | 1495144800 | 1495144800 |
| cve_nvd_summary | | The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF. | The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF. |
| confirm_url | | https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us | https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us |
| cwe | 0 | 0 | 611 (XML External Entity) |
| cvss3_nvd_av | | | N |
| cvss3_nvd_ac | | | L |
| cvss3_nvd_pr | | | N |
| cvss3_nvd_ui | | | R |
| cvss3_nvd_s | | | U |
| cvss3_nvd_c | | | H |
| cvss3_nvd_i | | | H |
| cvss3_nvd_a | | | H |
| cvss2_nvd_av | | | N |
| cvss2_nvd_ac | | | M |
| cvss2_nvd_au | | | N |
| cvss2_nvd_ci | | | P |
| cvss2_nvd_ii | | | P |
| cvss2_nvd_ai | | | P |
