Summaryinfo

A vulnerability described as critical has been identified in Oracle Communications Unified Inventory Management 7.3.2/7.3.4/7.3.5/7.4.0/7.4.1. The impacted element is an unknown function of the component BSAFE Crypto-J. Such manipulation leads to information disclosure. This vulnerability is listed as CVE-2019-3740. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is recommended.

Detailsinfo

A vulnerability was found in Oracle Communications Unified Inventory Management 7.3.2/7.3.4/7.3.5/7.4.0/7.4.1 (Cloud Software) and classified as critical. Affected by this issue is an unknown code block of the component BSAFE Crypto-J. The manipulation with an unknown input leads to a information disclosure vulnerability. Using CWE to declare the problem leads to CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Impacted is confidentiality.

The weakness was presented 07/20/2021 as Oracle Critical Patch Update Advisory - July 2021. The advisory is shared for download at oracle.com. This vulnerability is handled as CVE-2019-3740. Successful exploitation requires user interaction by the victim. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1592.

Upgrading eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Type

• Cloud Software

Vendor

• Oracle

Name

• Communications Unified Inventory Management

Version

• 7.3.2
• 7.3.4
• 7.3.5
• 7.4.0
• 7.4.1

License

• commercial

Website

• Vendor: https://www.oracle.com

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion