Oracle Primavera Unifier 16.1/16.2/17.12/18.8/19.12 Platform XML External Entity

È stata rilevata una vulnerabilità di livello critico in Oracle Primavera Unifier 16.1/16.2/17.12/18.8/19.12 (Asset Management Software). Riguarda una funzione sconosciuta del componente Platform. L'aggiornamento elimina questa vulnerabilità. Una possibile soluzione è stata pubblicata immediatamente dopo la pubblicazione della vulnerabilità.

Field	21/11/2020 07:36 AM	22/11/2020 09:07 PM	22/11/2020 09:14 PM
vendor	Oracle	Oracle	Oracle
name	Primavera Unifier	Primavera Unifier	Primavera Unifier
cve	CVE-2017-9096	CVE-2017-9096	CVE-2017-9096
component	Platform	Platform	Platform
risk	2	2	2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	R	R	R
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	H	H	H
cvss3_vuldb_i	H	H	H
cvss3_vuldb_a	H	H	H
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	C	C	C
version	16.1/16.2/17.12/18.8/19.12	16.1/16.2/17.12/18.8/19.12	16.1/16.2/17.12/18.8/19.12
url	https://www.oracle.com/security-alerts/cpuoct2020.html	https://www.oracle.com/security-alerts/cpuoct2020.html	https://www.oracle.com/security-alerts/cpuoct2020.html
date	1603144800 (20/10/2020)	1603144800 (20/10/2020)	1603144800 (20/10/2020)
identifier	Oracle Critical Patch Update Advisory - October 2020	Oracle Critical Patch Update Advisory - October 2020	Oracle Critical Patch Update Advisory - October 2020
name	Upgrade	Upgrade	Upgrade
date	1603144800 (20/10/2020)	1603144800 (20/10/2020)	1603144800 (20/10/2020)
type	Asset Management Software	Asset Management Software	Asset Management Software
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	C	C	C
cvss2_vuldb_ii	C	C	C
cvss2_vuldb_ai	C	C	C
cvss2_vuldb_e	ND	ND	ND
cvss2_vuldb_rl	ND	ND	ND
cvss2_vuldb_rc	ND	ND	ND
cvss3_vuldb_e	X	X	X
cvss2_vuldb_basescore	10.0	10.0	10.0
cvss2_vuldb_tempscore	8.7	8.7	8.7
cvss3_vuldb_basescore	8.8	8.8	8.8
cvss3_vuldb_tempscore	8.4	8.4	8.4
cvss3_meta_basescore	8.8	8.8	8.8
cvss3_meta_tempscore	8.4	8.4	8.4
price_0day	$5k-$25k	$5k-$25k	$5k-$25k
cvss2_nvd_basescore	6.8	6.8	6.8
cvss3_nvd_basescore	8.8	8.8	8.8
cve_assigned		1495144800	1495144800
cve_nvd_summary		The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF.	The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF.
confirm_url		https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us
cwe	0	0	611 (XML External Entity)
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			R
cvss3_nvd_s			U
cvss3_nvd_c			H
cvss3_nvd_i			H
cvss3_nvd_a			H
cvss2_nvd_av			N
cvss2_nvd_ac			M
cvss2_nvd_au			N
cvss2_nvd_ci			P
cvss2_nvd_ii			P
cvss2_nvd_ai			P

◂ Previous Visione d'insieme Next ▸

Do you know our Splunk app?

Download it now for free!