Oracle Primavera Unifier 16.1/16.2/17.12/18.8/19.12 Platform XML External Entity


A vulnerability classified as critical has been found in Oracle Primavera Unifier 16.1/16.2/17.12/18.8/19.12 (Asset Management Software). It affects an unknown function of the component Platform. Upgrading addresses the problem. A possible mitigation was published immediately after the disclosure.

Field | 21/11/2020 07:36 AM | 22/11/2020 09:07 PM | 22/11/2020 09:14 PM
vendor | Oracle | Oracle | Oracle
name | Primavera Unifier | Primavera Unifier | Primavera Unifier
cve | CVE-2017-9096 | CVE-2017-9096 | CVE-2017-9096
component | Platform | Platform | Platform
risk | 2 | 2 | 2
cvss3_vuldb_av | N | N | N
cvss3_vuldb_ac | L | L | L
cvss3_vuldb_pr | N | N | N
cvss3_vuldb_ui | R | R | R
cvss3_vuldb_s | U | U | U
cvss3_vuldb_c | H | H | H
cvss3_vuldb_i | H | H | H
cvss3_vuldb_a | H | H | H
cvss3_vuldb_rl | O | O | O
cvss3_vuldb_rc | C | C | C
version | 16.1/16.2/17.12/18.8/19.12 | 16.1/16.2/17.12/18.8/19.12 | 16.1/16.2/17.12/18.8/19.12
url | https://www.oracle.com/security-alerts/cpuoct2020.html | https://www.oracle.com/security-alerts/cpuoct2020.html | https://www.oracle.com/security-alerts/cpuoct2020.html
date | 1603144800 (20/10/2020) | 1603144800 (20/10/2020) | 1603144800 (20/10/2020)
identifier | Oracle Critical Patch Update Advisory - October 2020 | Oracle Critical Patch Update Advisory - October 2020 | Oracle Critical Patch Update Advisory - October 2020
name | Upgrade | Upgrade | Upgrade
date | 1603144800 (20/10/2020) | 1603144800 (20/10/2020) | 1603144800 (20/10/2020)
type | Asset Management Software | Asset Management Software | Asset Management Software
cvss2_vuldb_av | N | N | N
cvss2_vuldb_ac | L | L | L
cvss2_vuldb_au | N | N | N
cvss2_vuldb_ci | C | C | C
cvss2_vuldb_ii | C | C | C
cvss2_vuldb_ai | C | C | C
cvss2_vuldb_e | ND | ND | ND
cvss2_vuldb_rl | ND | ND | ND
cvss2_vuldb_rc | ND | ND | ND
cvss3_vuldb_e | X | X | X
cvss2_vuldb_basescore | 10.0 | 10.0 | 10.0
cvss2_vuldb_tempscore | 8.7 | 8.7 | 8.7
cvss3_vuldb_basescore | 8.8 | 8.8 | 8.8
cvss3_vuldb_tempscore | 8.4 | 8.4 | 8.4
cvss3_meta_basescore | 8.8 | 8.8 | 8.8
cvss3_meta_tempscore | 8.4 | 8.4 | 8.4
price_0day | $5k-$25k | $5k-$25k | $5k-$25k
cvss2_nvd_basescore | 6.8 | 6.8 | 6.8
cvss3_nvd_basescore | 8.8 | 8.8 | 8.8
cve_assigned | 1495144800 | 1495144800
cve_nvd_summary | The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF. | The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF.
confirm_url | https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us | https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us
cwe | 0 | 0 | 611 (XML External Entity)
cvss3_nvd_av | N
cvss3_nvd_ac | L
cvss3_nvd_pr | N
cvss3_nvd_ui | R
cvss3_nvd_s | U
cvss3_nvd_c | H
cvss3_nvd_i | H
cvss3_nvd_a | H
cvss2_nvd_av | N
cvss2_nvd_ac | M
cvss2_nvd_au | N
cvss2_nvd_ci | P
cvss2_nvd_ii | P
cvss2_nvd_ai | P
