Vulnerability in Oracle Communications Diameter Signaling Router User Interface
CVE-2020-14788

6.1MEDIUM

Key Information:

Vendor: Oracle
Status: Communications Diameter Signaling Router (dsr)
Vendor: CVE Published:; 21 October 2020

Summary

A vulnerability exists in the Oracle Communications Diameter Signaling Router (DSR) that allows an unauthenticated attacker with network access via HTTP to compromise the system. While exploiting this vulnerability requires human interaction from a user other than the attacker, it poses significant risks, enabling unauthorized updates, inserts, or deletions of accessible data. Additionally, it allows unauthorized read access to specific DSR data. This vulnerability predominantly affects DSR versions 8.0.0.0 through 8.4.0.5, highlighting the need for immediate attention and remediation for affected users.

Affected Version(s)

Communications Diameter Signaling Router (DSR) 8.0.0.0-8.4.0.5

References

https://www.oracle.com/security-alerts/cpuoct2020.html

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 21, 2020
Vulnerability Reserved
Jun 19, 2020