Main Vulnerability Database Vulnerabilities #VU60104

Improper input validation in Oracle Communications Cloud Native Core Unified Data Repository - CVE-2020-8554

Published: January 27, 2022

Vulnerability identifier: #VU60104

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2020-8554

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Oracle

Affected software:
Oracle Communications Cloud Native Core Unified Data Repository

Detailed vulnerability description

The vulnerability allows a remote authenticated user to read and manipulate data.

The vulnerability exists due to improper input validation within the UDR (Kubernetes API) component in Oracle Communications Cloud Native Core Unified Data Repository. A remote authenticated user can exploit this vulnerability to read and manipulate data.

How to mitigate CVE-2020-8554

Install updates from vendor's website.

Sources

https://www.oracle.com/security-alerts/cpujan2022.html

Improper input validation in Oracle Communications Cloud Native Core Unified Data Repository - CVE-2020-8554

Detailed vulnerability description

How to mitigate CVE-2020-8554

Sources

Please verify you're human