#VU60098 Improper input validation in Oracle Communications Cloud Native Core Binding Support Function


Published: 2022-01-27

Vulnerability identifier: #VU60098

Vulnerability risk: Medium

CVSSv3.1: 5 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3426

CWE-ID: CWE-20

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Oracle Communications Cloud Native Core Binding Support Function
Server applications / Other server solutions

Vendor: Oracle

Description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Binding Support Function (Python) component in Oracle Communications Cloud Native Core Binding Support Function. A remote authenticated user can exploit this vulnerability to gain access to sensitive information.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Oracle Communications Cloud Native Core Binding Support Function: 1.10.0

External links
http://www.oracle.com/security-alerts/cpujan2022.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Dell EMC Enterprise SONiC
Multiple vulnerabilities in IBM QRadar Suite software
Multiple vulnerabilities in Dell Unity, Dell UnityVSA, and Dell Unity XT
Multiple vulnerabilities in Dell RecoverPoint Classic
Multiple vulnerabilities in Oracle Communications Cloud Native Core Network Function Cloud Native Environment
Multiple vulnerabilities in cflinuxfs3
Ubuntu update for python2.7
Multiple vulnerabilities in Oracle Communications Cloud Native Core Binding Support Function
SUSE update for python3
SUSE update for python3