BDU:2021-06055

BDU

Critical

Уязвимость плагина WS-Addressing среды разработки программного обеспечения gSOAP связана с целочисленным переполнением при обработке SOAP-з…

CVSS

9.8

Critical

EPSS

0.00

Published

2021-01-01

Updated

2021-01-01

Description

Уязвимость плагина WS-Addressing среды разработки программного обеспечения gSOAP связана с целочисленным переполнением при обработке SOAP-запросов. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код путем отправки специально созданных HTTP-запросов

Tags · CWE

Pre-auth

Affected products

Genivia inc. GsoapIbm corp. Ibm spectrum protect for virtual environmentsOracle corp. Communications diameter signaling routerOracle corp. Communications eagle lnp application processorOracle corp. Communications eagle lnp application processorOracle corp. Communications eagle lnp application processorOracle corp. Oracle communications lsmsOracle corp. Oracle communications lsmsOracle corp. Oracle communications lsmsOracle corp. Oracle communications lsmsOracle corp. Oracle tekelec virtual operating environment

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

2021-01-01

Published

2021-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: N

Network (N)

Attack Complexity

AC: L

Low (L)

Privileges Required

PR: N

None (N)

User Interaction

UI: N

None (N)

Scope

S: U

Unchanged (U)

Confidentiality Impact

C: H

High (H)

Integrity Impact

I: H

High (H)

Availability Impact

A: H

High (H)

Exploit indicators

EPSS

0.000 · p0

Known exploited (KEV)

Known exploits — Сканер-ВС

No Сканер-ВС checks registered for this vulnerability yet.

Affected software

Product	Vendor	Status
gsoap	genivia inc.	Tracked
ibm spectrum protect for virtual environments	ibm corp.	Tracked
communications diameter signaling router	oracle corp.	Tracked
communications eagle lnp application processor	oracle corp.	Tracked
communications eagle lnp application processor	oracle corp.	Tracked
communications eagle lnp application processor	oracle corp.	Tracked
oracle communications lsms	oracle corp.	Tracked
oracle communications lsms	oracle corp.	Tracked
oracle communications lsms	oracle corp.	Tracked
oracle communications lsms	oracle corp.	Tracked
oracle tekelec virtual operating environment	oracle corp.	Tracked

Source databases

BDU

Related vulnerabilities

CVE-2021-21783

External references

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21783@http://talosintelligence.com/reports/TALOS-2021-1245@https://talosintelligence.com/vulnerability_reports/TALOS-2021-1245@https://www.oracle.com/security-alerts/cpuoct2021.html@https://nvd.nist.gov/vuln/detail/CVE-2021-21783@https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-is-genivia-gsoap-affect-ibm-spectrum-protect-for-virtual-environments-data-protection-for-vmware-cve-2020-13575-cve-2020-13578-cve-2020-13574-cve-2020-13577-cv-2/