Technical Advisory: SQL Injection and Reflected Cross-Site Scripting (XSS) Vulnerabilities in Oracle Communications Diameter Signaling Router (CVE-2020-14787, CVE-2020-14788)

Vendor: Oracle
Vendor URL: https://www.oracle.com/
Versions affected: 8.0.0.0-8.4.0.5
Systems Affected: Oracle Communications Diameter Signaling Router
CVE Identifier: CVE-2020-14787 (XSS), CVE-2020-14788 (SQL Injection)
Advisory URL: https://www.oracle.com/security-alerts/cpuoct2020.html
Risk: Medium – 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) (SQL injection)
Risk: Medium - 5.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) (Reflected Cross-Site Scripting)

Authors:
Viktor Gazdag - viktor.gazdag[at]nccgroup[dot]com
Ioannis Charalambous - ioannis.charalambous[at]nccgroup[dot]com

Summary

Based on the Oracle product …