Multiple vulnerabilities in Oracle Communications Unified Inventory Management

CERT-LatestNews ThreatsCybercrime VulnerabilitiesAll VulnerabilitiesApplications VulnerabilitiesCrypto VulnerabilitiesDBMS VulnerabilitiesNetwork VulnerabilitiesOracle

.

1) Risk: Low. CVSSv3: CVE-ID: CVE-2020-9488. CWE-ID: Exploit availability: No Description. CWE-295 – Improper Certificate Validation The vulnerability allows a remote attacker to perform man-in-the-middle attack. The vulnerability exists due to the Apache Log4j SMTP appender does not validate SSL certificates.