Main Vulnerability Database Vulnerabilities #VU60098

Improper input validation in Oracle Communications Cloud Native Core Binding Support Function - CVE-2021-3426

Published: January 27, 2022

Vulnerability identifier: #VU60098

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2021-3426

CWE-ID: CWE-20

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vendor: Oracle

Affected software:
Oracle Communications Cloud Native Core Binding Support Function

Detailed vulnerability description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Binding Support Function (Python) component in Oracle Communications Cloud Native Core Binding Support Function. A remote authenticated user can exploit this vulnerability to gain access to sensitive information.

How to mitigate CVE-2021-3426

Install updates from vendor's website.

Sources

https://www.oracle.com/security-alerts/cpujan2022.html

Improper input validation in Oracle Communications Cloud Native Core Binding Support Function - CVE-2021-3426

Detailed vulnerability description

How to mitigate CVE-2021-3426

Sources

Please verify you're human