Oracle Primavera Unifier 16.1/16.2/17.12/18.8/19.12 Platform XML External Entity

W Oracle Primavera Unifier 16.1/16.2/17.12/18.8/19.12 (Asset Management Software) została odkryta podatność. Podatnością dotknięta jest nieznana funkcja w komponencie Platform. Aktualizacja eliminuje tę podatność. Potencjalne zabezpieczenie zostało opublikowane po ujawnieniu podatności.

Field	2020-11-21 07:36 AM	2020-11-22 09:07 PM	2020-11-22 09:14 PM
vendor	Oracle	Oracle	Oracle
name	Primavera Unifier	Primavera Unifier	Primavera Unifier
cve	CVE-2017-9096	CVE-2017-9096	CVE-2017-9096
component	Platform	Platform	Platform
risk	2	2	2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	R	R	R
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	H	H	H
cvss3_vuldb_i	H	H	H
cvss3_vuldb_a	H	H	H
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	C	C	C
version	16.1/16.2/17.12/18.8/19.12	16.1/16.2/17.12/18.8/19.12	16.1/16.2/17.12/18.8/19.12
url	https://www.oracle.com/security-alerts/cpuoct2020.html	https://www.oracle.com/security-alerts/cpuoct2020.html	https://www.oracle.com/security-alerts/cpuoct2020.html
date	1603144800 (2020-10-20)	1603144800 (2020-10-20)	1603144800 (2020-10-20)
identifier	Oracle Critical Patch Update Advisory - October 2020	Oracle Critical Patch Update Advisory - October 2020	Oracle Critical Patch Update Advisory - October 2020
name	Upgrade	Upgrade	Upgrade
date	1603144800 (2020-10-20)	1603144800 (2020-10-20)	1603144800 (2020-10-20)
type	Asset Management Software	Asset Management Software	Asset Management Software
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	C	C	C
cvss2_vuldb_ii	C	C	C
cvss2_vuldb_ai	C	C	C
cvss2_vuldb_e	ND	ND	ND
cvss2_vuldb_rl	ND	ND	ND
cvss2_vuldb_rc	ND	ND	ND
cvss3_vuldb_e	X	X	X
cvss2_vuldb_basescore	10.0	10.0	10.0
cvss2_vuldb_tempscore	8.7	8.7	8.7
cvss3_vuldb_basescore	8.8	8.8	8.8
cvss3_vuldb_tempscore	8.4	8.4	8.4
cvss3_meta_basescore	8.8	8.8	8.8
cvss3_meta_tempscore	8.4	8.4	8.4
price_0day	$5k-$25k	$5k-$25k	$5k-$25k
cvss2_nvd_basescore	6.8	6.8	6.8
cvss3_nvd_basescore	8.8	8.8	8.8
cve_assigned		1495144800	1495144800
cve_nvd_summary		The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF.	The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF.
confirm_url		https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us
cwe	0	0	611 (XML External Entity)
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			R
cvss3_nvd_s			U
cvss3_nvd_c			H
cvss3_nvd_i			H
cvss3_nvd_a			H
cvss2_nvd_av			N
cvss2_nvd_ac			M
cvss2_nvd_au			N
cvss2_nvd_ci			P
cvss2_nvd_ii			P
cvss2_nvd_ai			P

◂ Previous Przegląd Next ▸

Might our Artificial Intelligence support you?

Check our Alexa App!