cnvd-2020-58766
Vulnerability from cnvd
Title
IBM Oracle REST Data Services Information Disclosure Vulnerability
Description
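IBM Oracle REST Data Services (ORDS) is a Java web middleware application from the US company IBM. The middleware maps REST interfaces such as HTTP/HTTPS to database transactions. Oracle REST Data Services contains an information disclosure vulnerability. An attacker with network access via HTTP can exploit it to compromise Oracle REST Data Services. A successful attack can result in unauthorized access to critical data or complete access to all data accessible to Oracle REST Data Services, affecting data confidentiality.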
Severity
Patch Name
Patch for the IBM Oracle REST Data Services information disclosure vulnerability
Patch Description
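IBM Oracle REST Data Services (ORDS) is a Java web middleware application from the US company IBM. The middleware maps REST interfaces such as HTTP/HTTPS to database transactions. Oracle REST Data Services contains an information disclosure vulnerability. An attacker with network access via HTTP can exploit it to compromise Oracle REST Data Services. A successful attack can result in unauthorized access to critical data or complete access to all data accessible to Oracle REST Data Services, affecting data confidentiality. The vendor has published a security advisory and related patch information that fix this vulnerability.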
Formal description

The vendor has released an upgrade patch to fix the vulnerability. Patch link: https://www.oracle.com/security-alerts/cpuoct2020.html

Reference
https://nvd.nist.gov/vuln/detail/CVE-2020-14744
Impacted products
Name
['IBM IBM Oracle REST Data Services 11.2.0.4', 'IBM IBM Oracle REST Data Services 12.1.0.2', 'IBM IBM Oracle REST Data Services 12.2.0.1', 'IBM IBM Oracle REST Data Services 18c', 'IBM IBM Oracle REST Data Services 19c', 'IBM IBM Oracle REST Data Services <20.2.1']


{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-14744",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-14744"
    }
  },
  "description": "IBM Oracle REST Data Services\uff08ORDS\uff09\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u4e2aJAVA Web\u7684\u4e2d\u95f4\u4ef6\u5e94\u7528\u3002\u8be5\u4e2d\u95f4\u4ef6\u53ef\u5c06 Http/Https \u7b49REST\u63a5\u53e3\u6620\u5c04\u5230\u6570\u636e\u5e93\u4e8b\u52a1\u3002\n\nOracle REST Data Services\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7HTTP\u8fdb\u884c\u7f51\u7edc\u8bbf\u95ee\uff0c\u4ece\u800c\u5371\u53caOracle REST\u6570\u636e\u670d\u52a1\u3002\u6b64\u6f0f\u6d1e\u7684\u6210\u529f\u653b\u51fb\u53ef\u80fd\u5bfc\u81f4\u5bf9\u5173\u952e\u6570\u636e\u7684\u672a\u6388\u6743\u8bbf\u95ee\u6216\u5bf9\u6240\u6709Oracle REST\u6570\u636e\u670d\u52a1\u53ef\u8bbf\u95ee\u6570\u636e\u7684\u5b8c\u6574\u8bbf\u95ee\uff0c\u5f71\u54cd\u6570\u636e\u7684\u4fdd\u5bc6\u6027\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.oracle.com/security-alerts/cpuoct2020.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-58766",
  "openTime": "2020-10-26",
  "patchDescription": "IBM Oracle REST Data Services\uff08ORDS\uff09\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u4e2aJAVA Web\u7684\u4e2d\u95f4\u4ef6\u5e94\u7528\u3002\u8be5\u4e2d\u95f4\u4ef6\u53ef\u5c06 Http/Https \u7b49REST\u63a5\u53e3\u6620\u5c04\u5230\u6570\u636e\u5e93\u4e8b\u52a1\u3002\r\n\r\nOracle REST Data Services\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7HTTP\u8fdb\u884c\u7f51\u7edc\u8bbf\u95ee\uff0c\u4ece\u800c\u5371\u53caOracle REST\u6570\u636e\u670d\u52a1\u3002\u6b64\u6f0f\u6d1e\u7684\u6210\u529f\u653b\u51fb\u53ef\u80fd\u5bfc\u81f4\u5bf9\u5173\u952e\u6570\u636e\u7684\u672a\u6388\u6743\u8bbf\u95ee\u6216\u5bf9\u6240\u6709Oracle REST\u6570\u636e\u670d\u52a1\u53ef\u8bbf\u95ee\u6570\u636e\u7684\u5b8c\u6574\u8bbf\u95ee\uff0c\u5f71\u54cd\u6570\u636e\u7684\u4fdd\u5bc6\u6027\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM Oracle REST Data Services\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "IBM IBM Oracle REST Data Services 11.2.0.4",
      "IBM IBM Oracle REST Data Services 12.1.0.2",
      "IBM IBM Oracle REST Data Services 12.2.0.1",
      "IBM IBM Oracle REST Data Services 18c",
      "IBM IBM Oracle REST Data Services 19c",
      "IBM IBM Oracle REST Data Services \u003c20.2.1"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-14744",
  "serverity": "\u4e2d",
  "submitTime": "2020-10-26",
  "title": "IBM Oracle REST Data Services\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

