Sign-up

ID

VAR-202010-0305


CVE

CVE-2020-14787


TITLE

Oracle Communications of Oracle Communications Diameter Signaling Router In User Interface Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-009898

DESCRIPTION

Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: User Interface). Supported versions that are affected are 8.0.0.0-8.4.0.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Diameter Signaling Router (DSR), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Diameter Signaling Router (DSR) accessible data as well as unauthorized read access to a subset of Oracle Communications Diameter Signaling Router (DSR) accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Trust: 2.34

sources: NVD: CVE-2020-14787 // JVNDB: JVNDB-2020-009898 // CNVD: CNVD-2020-61045 // VULHUB: VHN-167700 // VULMON: CVE-2020-14787

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-61045

AFFECTED PRODUCTS

vendor:oraclemodel:communications diameter signaling routerscope:gteversion:8.0.0.0

Trust: 1.0

vendor:oraclemodel:communications diameter signaling routerscope:lteversion:8.4.0.5

Trust: 1.0

vendor:oraclemodel:communications diameter signaling routerscope:eqversion:8.0.0.0 から 8.4.0.5

Trust: 0.8

vendor:oraclemodel:communications diameter signaling routerscope:gteversion:8.0.0.0,<=8.4.0.5

Trust: 0.6

sources: CNVD: CNVD-2020-61045 // JVNDB: JVNDB-2020-009898 // NVD: CVE-2020-14787

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-14787
value: MEDIUM

Trust: 1.0

secalert_us@oracle.com: CVE-2020-14787
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-009898
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-61045
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202010-1049
value: MEDIUM

Trust: 0.6

VULHUB: VHN-167700
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-14787
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-14787
severity: MEDIUM
baseScore: 4.9
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-009898
severity: MEDIUM
baseScore: 4.9
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-61045
severity: MEDIUM
baseScore: 4.9
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-167700
severity: MEDIUM
baseScore: 4.9
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

secalert_us@oracle.com: CVE-2020-14787
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-009898
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-61045 // VULHUB: VHN-167700 // VULMON: CVE-2020-14787 // JVNDB: JVNDB-2020-009898 // CNNVD: CNNVD-202010-1049 // NVD: CVE-2020-14787 // NVD: CVE-2020-14787

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2020-14787

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-1049

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202010-1049

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-009898

PATCH
title:Oracle Critical Patch Update Advisory - October 2020url:https://www.oracle.com/security-alerts/cpuoct2020.html
Trust: 0.8
title:Text Form of Oracle Critical Patch Update - October 2020 Risk Matricesurl:https://www.oracle.com/security-alerts/cpuoct2020verbose.html
Trust: 0.8
title:Patch for Oracle Communications Diameter Signaling Router has unspecified vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/239023
Trust: 0.6
title:Oracle Communications Diameter Signaling Router Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=130993
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-61045 // 
            
            
            
            JVNDB: JVNDB-2020-009898 // 
            
            
            
            CNNVD: CNNVD-202010-1049

EXTERNAL IDS
db:NVDid:CVE-2020-14787
Trust: 3.2
db:JVNDBid:JVNDB-2020-009898
Trust: 0.8
db:CNVDid:CNVD-2020-61045
Trust: 0.7
db:NSFOCUSid:50660
Trust: 0.6
db:CNNVDid:CNNVD-202010-1049
Trust: 0.6
db:VULHUBid:VHN-167700
Trust: 0.1
db:VULMONid:CVE-2020-14787
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-61045 // 
            
            
            
            VULHUB: VHN-167700 // 
            
            
            
            VULMON: CVE-2020-14787 // 
            
            
            
            JVNDB: JVNDB-2020-009898 // 
            
            
            
            CNNVD: CNNVD-202010-1049 // 
            
            
            
            NVD: CVE-2020-14787

REFERENCES
url:https://www.oracle.com/security-alerts/cpuoct2020.html
Trust: 3.0
url:https://nvd.nist.gov/vuln/detail/cve-2020-14787
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14787
Trust: 0.8
url:https://vigilance.fr/vulnerability/oracle-communications-vulnerabilities-of-october-2020-33638
Trust: 0.6
url:http://www.nsfocus.net/vulndb/50660
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/190105
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-61045 // 
            
            
            
            VULHUB: VHN-167700 // 
            
            
            
            VULMON: CVE-2020-14787 // 
            
            
            
            JVNDB: JVNDB-2020-009898 // 
            
            
            
            CNNVD: CNNVD-202010-1049 // 
            
            
            
            NVD: CVE-2020-14787

SOURCES
db:CNVDid:CNVD-2020-61045
db:VULHUBid:VHN-167700
db:VULMONid:CVE-2020-14787
db:JVNDBid:JVNDB-2020-009898
db:CNNVDid:CNNVD-202010-1049
db:NVDid:CVE-2020-14787

LAST UPDATE DATE
2024-11-23T22:29:28.219000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-61045date:2020-11-08T00:00:00
db:VULHUBid:VHN-167700date:2020-10-27T00:00:00
db:VULMONid:CVE-2020-14787date:2020-10-27T00:00:00
db:JVNDBid:JVNDB-2020-009898date:2020-12-11T03:34:19
db:CNNVDid:CNNVD-202010-1049date:2020-11-18T00:00:00
db:NVDid:CVE-2020-14787date:2024-11-21T05:04:09.710

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-61045date:2020-11-08T00:00:00
db:VULHUBid:VHN-167700date:2020-10-21T00:00:00
db:VULMONid:CVE-2020-14787date:2020-10-21T00:00:00
db:JVNDBid:JVNDB-2020-009898date:2020-12-11T03:34:19
db:CNNVDid:CNNVD-202010-1049date:2020-10-20T00:00:00
db:NVDid:CVE-2020-14787date:2020-10-21T15:15:18.907