Oracle Primavera Unifier 16.1/16.2/17.12/18.8/19.12 Platform XML External Entity

Une vulnérabilité qui a été classée critique a été trouvée dans Oracle Primavera Unifier 16.1/16.2/17.12/18.8/19.12 (Asset Management Software). Affecté est une fonction inconnue du composant Platform. Mettre à jour élimine cette vulnérabilité. Une solution envisageable a été publiée immédiatement après la publication de la vulnérabilité.

Field	21/11/2020 07:36 AM	22/11/2020 09:07 PM	22/11/2020 09:14 PM
vendor	Oracle	Oracle	Oracle
name	Primavera Unifier	Primavera Unifier	Primavera Unifier
cve	CVE-2017-9096	CVE-2017-9096	CVE-2017-9096
component	Platform	Platform	Platform
risk	2	2	2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	R	R	R
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	H	H	H
cvss3_vuldb_i	H	H	H
cvss3_vuldb_a	H	H	H
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	C	C	C
version	16.1/16.2/17.12/18.8/19.12	16.1/16.2/17.12/18.8/19.12	16.1/16.2/17.12/18.8/19.12
url	https://www.oracle.com/security-alerts/cpuoct2020.html	https://www.oracle.com/security-alerts/cpuoct2020.html	https://www.oracle.com/security-alerts/cpuoct2020.html
date	1603144800 (20/10/2020)	1603144800 (20/10/2020)	1603144800 (20/10/2020)
identifier	Oracle Critical Patch Update Advisory - October 2020	Oracle Critical Patch Update Advisory - October 2020	Oracle Critical Patch Update Advisory - October 2020
name	Upgrade	Upgrade	Upgrade
date	1603144800 (20/10/2020)	1603144800 (20/10/2020)	1603144800 (20/10/2020)
type	Asset Management Software	Asset Management Software	Asset Management Software
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	C	C	C
cvss2_vuldb_ii	C	C	C
cvss2_vuldb_ai	C	C	C
cvss2_vuldb_e	ND	ND	ND
cvss2_vuldb_rl	ND	ND	ND
cvss2_vuldb_rc	ND	ND	ND
cvss3_vuldb_e	X	X	X
cvss2_vuldb_basescore	10.0	10.0	10.0
cvss2_vuldb_tempscore	8.7	8.7	8.7
cvss3_vuldb_basescore	8.8	8.8	8.8
cvss3_vuldb_tempscore	8.4	8.4	8.4
cvss3_meta_basescore	8.8	8.8	8.8
cvss3_meta_tempscore	8.4	8.4	8.4
price_0day	$5k-$25k	$5k-$25k	$5k-$25k
cvss2_nvd_basescore	6.8	6.8	6.8
cvss3_nvd_basescore	8.8	8.8	8.8
cve_assigned		1495144800	1495144800
cve_nvd_summary		The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF.	The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF.
confirm_url		https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us
cwe	0	0	611 (XML External Entity)
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			R
cvss3_nvd_s			U
cvss3_nvd_c			H
cvss3_nvd_i			H
cvss3_nvd_a			H
cvss2_nvd_av			N
cvss2_nvd_ac			M
cvss2_nvd_au			N
cvss2_nvd_ci			P
cvss2_nvd_ii			P
cvss2_nvd_ai			P

◂ Previous Vue d'ensemble Next ▸

Do you need the next level of professionalism?

Upgrade your account now!