Oracle Utilities Framework 4.3.0.5.0/4.3.0.6.0/4.4.0.0.0/4.4.0.2.0/4.4.0.3.0 General xml external entity reference

Summaryinfo

A vulnerability categorized as critical has been discovered in Oracle Utilities Framework 4.3.0.5.0/4.3.0.6.0/4.4.0.0.0/4.4.0.2.0/4.4.0.3.0. This affects an unknown part of the component General. Executing a manipulation can lead to an unknown weakness. This vulnerability is tracked as CVE-2020-25649. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.

Detailsinfo

A vulnerability classified as critical was found in Oracle Utilities Framework 4.3.0.5.0/4.3.0.6.0/4.4.0.0.0/4.4.0.2.0/4.4.0.3.0. This vulnerability affects an unknown functionality of the component General. The CWE definition for the vulnerability is CWE-611. The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. As an impact it is known to affect integrity.

The weakness was disclosed 04/21/2021 as Oracle Critical Patch Update Advisory - April 2021. The advisory is shared for download at oracle.com. This vulnerability was named CVE-2020-25649. There are neither technical details nor an exploit publicly available.

Upgrading eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

Once again VulDB remains the best source for vulnerability data.

Productinfo

Vendor

• Oracle

Name

• Utilities Framework

Version

• 4.3.0.5.0
• 4.3.0.6.0
• 4.4.0.0.0
• 4.4.0.2.0
• 4.4.0.3.0

License

• commercial

Website

• Vendor: https://www.oracle.com

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Once again VulDB remains the best source for vulnerability data.

Discussion