Multiple vulnerabilities in Oracle Communications Cloud Native Core Network Repository Function
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 10 |
| CVE-ID | CVE-2023-26049 CVE-2023-28484 CVE-2023-20863 CVE-2023-23931 CVE-2023-28856 CVE-2022-41881 CVE-2023-27901 CVE-2023-24998 CVE-2022-42898 CVE-2023-20862 |
| CWE-ID | CWE-20 CWE-476 CWE-388 CWE-835 CWE-770 CWE-190 CWE-254 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #8 is available. |
| Vulnerable software Subscribe |
Oracle Communications Cloud Native Core Network Repository Function Server applications / Other server solutions |
| Vendor | Oracle |
Security Bulletin
This security bulletin contains information about 10 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU75217
Risk: Low
CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-26049
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient input validation when parsing cookies. A remote attacker can send a specially crafted HTTP request with a cookie value that starts with a double quote and force the application to read the cookie string until it sees a closing quote. Such behavior can be used to exfiltrate sensitive values from other cookies.
Install update from vendor's website.
Vulnerable software versionsOracle Communications Cloud Native Core Network Repository Function: 23.1.1
CPE2.3 External linkshttp://www.oracle.com/security-alerts/cpujul2023.html?947626
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) NULL pointer dereference
EUVDB-ID: #VU74863
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-28484
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in xmlSchemaFixupComplexType. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Communications Cloud Native Core Network Repository Function: 23.1.1
CPE2.3 External linkshttp://www.oracle.com/security-alerts/cpujul2023.html?947626
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU75409
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20863
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote user can use a specially crafted SpEL expression and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Communications Cloud Native Core Network Repository Function: 23.1.0
CPE2.3 External linkshttp://www.oracle.com/security-alerts/cpujul2023.html?947626
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Error Handling
EUVDB-ID: #VU72036
Risk: Low
CVSSv3.1: 2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-23931
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows an attacker to misuse Python API.
The vulnerability exists due to a soundness bug within the Cipher.update_into function, which can allow immutable objects (such as bytes) to be mutated. A malicious programmer can misuse Python API to introduce unexpected behavior into the application.
Install update from vendor's website.
Vulnerable software versionsOracle Communications Cloud Native Core Network Repository Function: 22.4.2 - 23.1.0
CPE2.3- cpe:2.3:a:oracle:oracle_communications_cloud_native_core_network_repository_function:22.4.2:*:*:*:*:*:*:
- cpe:2.3:a:oracle:oracle_communications_cloud_native_core_network_repository_function:23.1.0:*:*:*:*:*:*:
http://www.oracle.com/security-alerts/cpujul2023.html?947626
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Input validation error
EUVDB-ID: #VU75177
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-28856
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote user can use the HINCRBYFLOAT command to create an invalid hash field that will crash Redis on access.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Communications Cloud Native Core Network Repository Function: 23.1.0 - 23.2.0
CPE2.3- cpe:2.3:a:oracle:oracle_communications_cloud_native_core_network_repository_function:23.2.0:*:*:*:*:*:*:
- cpe:2.3:a:oracle:oracle_communications_cloud_native_core_network_repository_function:23.1.0:*:*:*:*:*:*:
http://www.oracle.com/security-alerts/cpujul2023.html?947626
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Infinite loop
EUVDB-ID: #VU70118
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-41881
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the HaProxyMessageDecoder when parsing a TLV with type of "PP2_TYPE_SSL". A remote attacker can pass a specially crafted message to consume all available system resources and cause denial of service conditions.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Communications Cloud Native Core Network Repository Function: 22.4.2 - 22.4.3
CPE2.3- cpe:2.3:a:oracle:oracle_communications_cloud_native_core_network_repository_function:22.4.3:*:*:*:*:*:*:
- cpe:2.3:a:oracle:oracle_communications_cloud_native_core_network_repository_function:22.4.2:*:*:*:*:*:*:
http://www.oracle.com/security-alerts/cpujul2023.html?947626
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Allocation of Resources Without Limits or Throttling
EUVDB-ID: #VU73194
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-27901
CWE-ID:
CWE-770 - Allocation of Resources Without Limits or Throttling
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to Apache Commons FileUpload does not limit the number of request parts within the StaplerRequest. A remote user can initiate a series of uploads and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Communications Cloud Native Core Network Repository Function: 22.4.2 - 23.1.0
CPE2.3- cpe:2.3:a:oracle:oracle_communications_cloud_native_core_network_repository_function:22.4.2:*:*:*:*:*:*:
- cpe:2.3:a:oracle:oracle_communications_cloud_native_core_network_repository_function:23.1.0:*:*:*:*:*:*:
http://www.oracle.com/security-alerts/cpujul2023.html?947626
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Allocation of Resources Without Limits or Throttling
EUVDB-ID: #VU72427
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-24998
CWE-ID:
CWE-770 - Allocation of Resources Without Limits or Throttling
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to Apache Commons FileUpload does not limit the number of request parts. A remote attacker can initiate a series of uploads and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsOracle Communications Cloud Native Core Network Repository Function: 22.4.2 - 23.1.0
CPE2.3- cpe:2.3:a:oracle:oracle_communications_cloud_native_core_network_repository_function:22.4.2:*:*:*:*:*:*:
- cpe:2.3:a:oracle:oracle_communications_cloud_native_core_network_repository_function:23.1.0:*:*:*:*:*:*:
http://www.oracle.com/security-alerts/cpujul2023.html?947626
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Integer overflow
EUVDB-ID: #VU69337
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-42898
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow within the S4U2Proxy handler on 32-bit systems. A remote user can send specially crafted request to the KDC server, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Communications Cloud Native Core Network Repository Function: 22.4.2 - 22.4.3
CPE2.3- cpe:2.3:a:oracle:oracle_communications_cloud_native_core_network_repository_function:22.4.3:*:*:*:*:*:*:
- cpe:2.3:a:oracle:oracle_communications_cloud_native_core_network_repository_function:22.4.2:*:*:*:*:*:*:
http://www.oracle.com/security-alerts/cpujul2023.html?947626
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Security features bypass
EUVDB-ID: #VU75408
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20862
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the logout support does not properly clean the security context if using serialized versions. A remote attacker can save an empty security context to the HttpSessionSecurityContextRepository and keep users authenticated even after they performed logout.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Communications Cloud Native Core Network Repository Function: 22.4.2 - 23.1.0
CPE2.3- cpe:2.3:a:oracle:oracle_communications_cloud_native_core_network_repository_function:22.4.2:*:*:*:*:*:*:
- cpe:2.3:a:oracle:oracle_communications_cloud_native_core_network_repository_function:23.1.0:*:*:*:*:*:*:
http://www.oracle.com/security-alerts/cpujul2023.html?947626
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
