Multiple vulnerabilities in Oracle Communications Cloud Native Core Policy
| Risk | Critical |
| Patch available | YES |
| Number of vulnerabilities | 32 |
| CVE-ID | CVE-2021-3200 CVE-2021-29425 CVE-2020-8554 CVE-2020-29582 CVE-2021-28170 CVE-2021-28169 CVE-2020-14155 CVE-2021-22569 CVE-2021-28168 CVE-2020-15250 CVE-2020-13434 CVE-2021-3572 CVE-2020-16135 CVE-2021-33880 CVE-2020-14340 CVE-2021-2471 CVE-2021-38153 CVE-2021-21409 CVE-2021-39140 CVE-2019-3799 CVE-2021-43797 CVE-2021-44832 CVE-2022-23181 CVE-2020-29363 CVE-2020-8231 CVE-2021-3807 CVE-2020-28196 CVE-2019-18276 CVE-2021-3520 CVE-2021-35574 CVE-2022-22965 CVE-2021-42392 |
| CWE-ID | CWE-20 CWE-22 CWE-190 CWE-399 CWE-200 CWE-377 CWE-476 CWE-203 CWE-208 CWE-444 CWE-94 CWE-264 CWE-119 CWE-825 CWE-674 CWE-273 CWE-502 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #8 is available. Public exploit code for vulnerability #16 is available. Public exploit code for vulnerability #20 is available. Public exploit code for vulnerability #28 is available. Vulnerability #31 is being exploited in the wild. Public exploit code for vulnerability #32 is available. |
| Vulnerable software Subscribe |
Oracle Communications Cloud Native Core Policy Server applications / DLP, anti-spam, sniffers |
| Vendor | Oracle |
Security Bulletin
This security bulletin contains information about 32 vulnerabilities.
1) Improper input validation
EUVDB-ID: #VU62515
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-3200
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Signaling (libsolv) component in Oracle Communications Cloud Native Core Policy. A local non-authenticated attacker can exploit this vulnerability to perform service disruption.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Communications Cloud Native Core Policy: 1.15.0
External linkshttp://www.oracle.com/security-alerts/cpuapr2022.html?936689
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Path traversal
EUVDB-ID: #VU52252
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-29425
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error within the FileNameUtils.normalize method when processing directory traversal sequences, such as "//../foo", or "\..foo". A remote attacker can send a specially crafted request and verify files availability in the parent folder.
Install update from vendor's website.
Vulnerable software versionsOracle Communications Cloud Native Core Policy: 1.14.0
External linkshttp://www.oracle.com/security-alerts/cpuapr2022.html?936689
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper input validation
EUVDB-ID: #VU60104
Risk: Medium
CVSSv3.1: 4.4 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-8554
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to read and manipulate data.
The vulnerability exists due to improper input validation within the UDR (Kubernetes API) component in Oracle Communications Cloud Native Core Unified Data Repository. A remote authenticated user can exploit this vulnerability to read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Communications Cloud Native Core Policy: 1.15.0
External linkshttp://www.oracle.com/security-alerts/cpuapr2022.html?936689
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper input validation
EUVDB-ID: #VU55164
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-29582
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Signaling (Calico) component in Oracle Communications Cloud Native Core Network Slice Selection Function. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Communications Cloud Native Core Policy: 1.14.0
External linkshttp://www.oracle.com/security-alerts/cpuapr2022.html?936689
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper input validation
EUVDB-ID: #VU62513
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28170
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the Policy (Jakarta) component in Oracle Communications Cloud Native Core Policy. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Communications Cloud Native Core Policy: 1.14.0
External linkshttp://www.oracle.com/security-alerts/cpuapr2022.html?936689
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Input validation error
EUVDB-ID: #VU53973
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28169
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information..
The vulnerability exists due to a double decoding issue when parsing URI with certain characters. A remote attacker can send requests to the ConcatServlet and WelcomeFilter and view contents of protected resources within the WEB-INF directory.
Example:
/concat?/%2557EB-INF/web.xml
Install update from vendor's website.
Vulnerable software versionsOracle Communications Cloud Native Core Policy: 1.14.0
External linkshttp://www.oracle.com/security-alerts/cpuapr2022.html?936689
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Integer overflow
EUVDB-ID: #VU29488
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-14155
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow. A remote attacker can pass a large number after a (?C substring, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Communications Cloud Native Core Policy: 1.15.0
External linkshttp://www.oracle.com/security-alerts/cpuapr2022.html?936689
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Resource management error
EUVDB-ID: #VU60181
Risk: Medium
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2021-22569
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application. protobuf-java allowes the interleaving of
com.google.protobuf.UnknownFieldSet fields in such a way that would be
processed out of order. A small malicious payload can occupy the parser
for several minutes by creating large numbers of short-lived objects
that cause frequent, repeated pauses. A remote attacker can trick the victim into passing specially crafted data to the application and perform a denial of service attack.
Install update from vendor's website.
Vulnerable software versionsOracle Communications Cloud Native Core Policy: 1.15.0
External linkshttp://www.oracle.com/security-alerts/cpuapr2022.html?936689
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
9) Information disclosure
EUVDB-ID: #VU52651
Risk: Low
CVSSv3.1: 5.4 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28168
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain access to potentially sensitive information.
The vulnerability exists due to the use of the File.createTempFile which creates a file inside of the system temporary directory with the permissions: -rw-r--r--. A local attacker can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Communications Cloud Native Core Policy: 1.15.0
External linkshttp://www.oracle.com/security-alerts/cpuapr2022.html?936689
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Insecure Temporary File
EUVDB-ID: #VU49330
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-15250
CWE-ID:
CWE-377 - Insecure Temporary File
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to the application is using the test rule TemporaryFolder that stores sensitive information in temporary files in the system temporary directory, accessible by other system users. A local user can read temporary files and obtain sensitive information, related to the application.
Install update from vendor's website.
Vulnerable software versionsOracle Communications Cloud Native Core Policy: 1.14.0
External linkshttp://www.oracle.com/security-alerts/cpuapr2022.html?936689
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Integer overflow
EUVDB-ID: #VU28227
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-13434
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow within the sqlite3_str_vappendf() function in printf.c. A remote attacker can pass specially crafted data to the application, trigger integer overflow and crash the application.
Install update from vendor's website.
Vulnerable software versionsOracle Communications Cloud Native Core Policy: 1.14.0
External linkshttp://www.oracle.com/security-alerts/cpuapr2022.html?936689
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Improper input validation
EUVDB-ID: #VU62512
Risk: Medium
CVSSv3.1: 5 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-3572
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to manipulate data.
The vulnerability exists due to improper input validation within the Policy (python-pip) component in Oracle Communications Cloud Native Core Policy. A remote authenticated user can exploit this vulnerability to manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Communications Cloud Native Core Policy: 1.15.0
External linkshttp://www.oracle.com/security-alerts/cpuapr2022.html?936689
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) NULL pointer dereference
EUVDB-ID: #VU34008
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-16135
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in tftpserver.c if ssh_buffer_new returns NULL. A remote attacker can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Communications Cloud Native Core Policy: 1.15.0
External linkshttp://www.oracle.com/security-alerts/cpuapr2022.html?936689
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Observable discrepancy
EUVDB-ID: #VU54078
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-33880
CWE-ID:
CWE-203 - Observable discrepancy
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to observable timing discrepancy on server when HTTP Basic authentication is enabled with basic_auth_protocol_factory(credentials=...). A remote attacker can guess passwords via timing attack.
Install update from vendor's website.
Vulnerable software versionsOracle Communications Cloud Native Core Policy: 1.14.0
External linkshttp://www.oracle.com/security-alerts/cpuapr2022.html?936689
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Improper input validation
EUVDB-ID: #VU60097
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-14340
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the UDR (XNIO) component in Oracle Communications Cloud Native Core Unified Data Repository. A remote non-authenticated attacker can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Communications Cloud Native Core Policy: 1.14.0
External linkshttp://www.oracle.com/security-alerts/cpuapr2022.html?936689
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Improper input validation
EUVDB-ID: #VU57510
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2021-2471
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a remote privileged user to read data or crash the application.
The vulnerability exists due to improper input validation within the Connector/J component in MySQL Connectors. A remote privileged user can exploit this vulnerability to read data or crash the application.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Communications Cloud Native Core Policy: 1.15.0
External linkshttp://www.oracle.com/security-alerts/cpuapr2022.html?936689
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
17) Information Exposure Through Timing Discrepancy
EUVDB-ID: #VU56790
Risk: Low
CVSSv3.1: 5.5 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-38153
CWE-ID:
CWE-208 - Information Exposure Through Timing Discrepancy
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
the vulnerability exists due to some components in Apache Kafka use "Arrays.equals" to validate a password or key, which is vulnerable to timing attacks. A local user can abuse the "Arrays.equals" to brute force access credentials and escalate privileges on the system.
Install update from vendor's website.
Vulnerable software versionsOracle Communications Cloud Native Core Policy: 1.15.0
External linkshttp://www.oracle.com/security-alerts/cpuapr2022.html?936689
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Inconsistent interpretation of HTTP requests
EUVDB-ID: #VU51837
Risk: Medium
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-21409
CWE-ID:
CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to preform HTTP request smuggling attacks.
The vulnerability exists due to improper validation of HTTP requests in io.netty:netty-codec-http2 in Netty, if the request only uses a single Http2HeaderFrame with the endStream set to to true. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Communications Cloud Native Core Policy: 1.14.0
External linkshttp://www.oracle.com/security-alerts/cpuapr2022.html?936689
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Improper input validation
EUVDB-ID: #VU62511
Risk: Medium
CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-39140
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to a crash the entire system.
The vulnerability exists due to improper input validation within the Policy (XStream) component in Oracle Communications Cloud Native Core Policy. A remote authenticated user can exploit this vulnerability to a crash the entire system.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Communications Cloud Native Core Policy: 1.14.0
External linkshttp://www.oracle.com/security-alerts/cpuapr2022.html?936689
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Path traversal
EUVDB-ID: #VU18426
Risk: Medium
CVSSv3.1: 6.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:F/RL:O/RC:C]
CVE-ID: CVE-2019-3799
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists because the spring-cloud-config-server module of the affected software allows applications to serve static resources from a file system. A remote attacker can send a specially crafted HTTP request and read, overwrite or delete arbitrary files on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Communications Cloud Native Core Policy: 1.15.0
External linkshttp://www.oracle.com/security-alerts/cpuapr2022.html?936689
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
21) Inconsistent interpretation of HTTP requests
EUVDB-ID: #VU61810
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-43797
CWE-ID:
CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to preform HTTP request smuggling attacks.
The vulnerability exists due to improper validation of HTTP requests when processing control chars present at the beginning / end of the header name. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Communications Cloud Native Core Policy: 1.15.0
External linkshttp://www.oracle.com/security-alerts/cpuapr2022.html?936689
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Code Injection
EUVDB-ID: #VU59098
Risk: Medium
CVSSv3.1: 5.8 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-44832
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation. A remote user with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Communications Cloud Native Core Policy: 1.15.0
External linkshttp://www.oracle.com/security-alerts/cpuapr2022.html?936689
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Security restrictions bypass
EUVDB-ID: #VU60079
Risk: Low
CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-23181
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a time of check, time of use flaw when configured to persist sessions using the FileStore. A local user can perform certain actions which lead to security restrictions bypass and privilege escalation (code execution with Tomcat process privileges).
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Communications Cloud Native Core Policy: 1.15.0
External linkshttp://www.oracle.com/security-alerts/cpuapr2022.html?936689
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Buffer overflow
EUVDB-ID: #VU48946
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-29363
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a unspecified boundary error, related to processing of RPC requests. A remote attacker can perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsOracle Communications Cloud Native Core Policy: 1.14.0
External linkshttp://www.oracle.com/security-alerts/cpuapr2022.html?936689
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Expired pointer dereference
EUVDB-ID: #VU45794
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-8231
CWE-ID:
CWE-825 - Expired pointer dereference
Exploit availability: No
DescriptionThe vulnerability allows an attacker to gain access to sensitive information.
The vulnerability exists due to expired pointer dereference error for CURLOPT_CONNECT_ONLY connections that may lead to information disclosure. If the application is using the CURLOPT_CONNECT_ONLY option to check if the website is accessible, an attacker might abuse this feature and force the application to re-use expired connection and send data intended to another connection to attacker controlled server.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Communications Cloud Native Core Policy: 1.14.0
External linkshttp://www.oracle.com/security-alerts/cpuapr2022.html?936689
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Input validation error
EUVDB-ID: #VU57967
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-3807
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when matching crafted invalid ANSI escape codes in ansi-regex. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Communications Cloud Native Core Policy: 1.15.0
External linkshttp://www.oracle.com/security-alerts/cpuapr2022.html?936689
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Uncontrolled Recursion
EUVDB-ID: #VU48444
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28196
CWE-ID:
CWE-674 - Uncontrolled Recursion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to uncontrolled recursion in MIT Kerberos 5 (aka krb5) implementation when processing ASN.1-encoded Kerberos messages in lib/krb5/asn.1/asn1_encode.c. A remote attacker can pass specially crafted data to the application that uses Kerberos and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsOracle Communications Cloud Native Core Policy: 1.14.0
External linkshttp://www.oracle.com/security-alerts/cpuapr2022.html?936689
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Improper Check for Dropped Privileges
EUVDB-ID: #VU24690
Risk: Low
CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2019-18276
CWE-ID:
CWE-273 - Improper Check for Dropped Privileges
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists in "disable_priv_mode()" function in shell.c due to the affected software attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded. A local user with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Communications Cloud Native Core Policy: 1.14.0
External linkshttp://www.oracle.com/security-alerts/cpuapr2022.html?936689
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
29) Integer overflow
EUVDB-ID: #VU53439
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-3520
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in the fast LZ compression algorithm library. A remote attacker can pass specially crafted archive, trick the victim into opening it, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Communications Cloud Native Core Policy: 1.14.0
External linkshttp://www.oracle.com/security-alerts/cpuapr2022.html?936689
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Improper input validation
EUVDB-ID: #VU57475
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-35574
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Outside In Filters component in Oracle Outside In Technology. A remote non-authenticated attacker can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Communications Cloud Native Core Policy: 1.15.0
External linkshttp://www.oracle.com/security-alerts/cpuapr2022.html?936689
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Code Injection
EUVDB-ID: #VU61756
Risk: Critical
CVSSv3.1: 9.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2022-22965
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation. A remote attacker can send a specially crafted HTTP request to the affected application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
This vulnerability was dubbed "Spring4Shell".
Install update from vendor's website.
Vulnerable software versionsOracle Communications Cloud Native Core Policy: 1.15.0 - 22.1.0
External linkshttp://www.oracle.com/security-alerts/cpuapr2022.html?936689
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
32) Deserialization of Untrusted Data
EUVDB-ID: #VU61937
Risk: Critical
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-42392
CWE-ID:
CWE-502 - Deserialization of Untrusted Data
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data within the org.h2.util.JdbcUtils.getConnection method. A remote attacker can pass a JNDI driver name and a URL leading to a LDAP or RMI servers and execute arbitrary code on the system.
Install update from vendor's website.
Vulnerable software versionsOracle Communications Cloud Native Core Policy: 1.15.0
External linkshttp://www.oracle.com/security-alerts/cpuapr2022.html?936689
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
