PT-2023-1184 · Oracle · Oracle Communications Converged Application Server

Peter Mularien

Publicado

2023-01-17

Atualizado

2024-09-17

CVE-2023-21890

CVSS v2.0

Crítica

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Oracle Communications Converged Application Server versions 7.1.0 through 8.0.0

Description The issue is related to insufficient input validation in the Core component of the Oracle Communications Converged Application Server, allowing an unauthenticated attacker with network access via UDP to compromise the server. Successful attacks can result in the takeover of the Oracle Communications Converged Application Server.

Recommendations For versions 7.1.0 and 8.0.0, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20CWE-94

Identificadores relacionados

BDU:2023-00407

CVE-2023-21890

ZDI-23-175

Produtos afetados

Oracle Communications Converged Application Server

PT-2023-1184 · Oracle · Oracle Communications Converged Application Server

CVE-2023-21890

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6