admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2020/CVE-2020-147xx/CVE-2020-14788.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

107 lines
4.8 KiB
JSON
Raw Blame History

{
"id": "CVE-2020-14788",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2020-10-21T15:15:18.983",
"lastModified": "2020-10-26T16:28:48.007",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: User Interface). Supported versions that are affected are 8.0.0.0-8.4.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Diameter Signaling Router (DSR), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Diameter Signaling Router (DSR) accessible data as well as unauthorized read access to a subset of Oracle Communications Diameter Signaling Router (DSR) accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle Communications Diameter Signaling Router (DSR) de Oracle Communications (componente: User Interface). Las versiones compatibles que est\u00e1n afectadas son 8.0.0.0-8.4.0.5. Una vulnerabilidad explotable f\u00e1cilmente permite a un atacante no autenticado con acceso a la red por medio de HTTP comprometer a Oracle Communications Diameter Signaling Router (DSR). Los ataques con \u00e9xito requieren la interacci\u00f3n humana de una persona diferente del atacante y, aunque la vulnerabilidad est\u00e1 en Oracle Communications Diameter Signaling Router (DSR), los ataques pueden impactar significativamente a productos adicionales. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la actualizaci\u00f3n no autorizada, insertar o eliminar el acceso a algunos de los datos accesibles de Oracle Communications Diameter Signaling Router (DSR), as\u00ed como el acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Communications Diameter Signaling Router (DSR). CVSS 3.1 Puntuaci\u00f3n Base 6.1 (Impactos de la Confidencialidad e Integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 5.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0.0",
"versionEndIncluding": "8.4.0.5",
"matchCriteriaId": "12981AA7-BBF6-4158-8F7D-9DD3880FDCC1"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink