#VU60104 Improper input validation in Oracle Communications Cloud Native Core Unified Data Repository - CVE-2020-8554 

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Vulnerabilities #VU60104

#VU60104 Improper input validation in Oracle Communications Cloud Native Core Unified Data Repository - CVE-2020-8554

Published: January 27, 2022


Vulnerability identifier: #VU60104
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-8554
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Oracle Communications Cloud Native Core Unified Data Repository
Software vendor:
Oracle

Description

The vulnerability allows a remote authenticated user to read and manipulate data.

The vulnerability exists due to improper input validation within the UDR (Kubernetes API) component in Oracle Communications Cloud Native Core Unified Data Repository. A remote authenticated user can exploit this vulnerability to read and manipulate data.


Remediation

Install updates from vendor's website.

External links