CVE-2019-2399 : Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) compo

Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) component of Oracle Communications Applications (subcomponent: Security). The supported version that is affected is prior to 8.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Diameter Signaling Router (DSR) accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Diameter Signaling Router (DSR). CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L).

Published 2019-01-16 19:30:31

Updated 2020-08-24 17:37:01

Source Oracle

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2019-2399

Oracle » Communications Diameter Signaling Router
Versions before (<) 8.3
cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2019-2399

EPSS FAQ

1.12%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 76 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-2399

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.4	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:P	10.0	4.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: Partial
6.5	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L	3.9	2.5	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: Low

References for CVE-2019-2399

http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Oracle Critical Patch Update - January 2019
Patch;Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/106580

Oracle Communications Diameter Signaling Router CVE-2019-2399 Remote Security Vulnerability
Third Party Advisory;VDB Entry

Jump to

Vulnerability Details : CVE-2019-2399

Products affected by CVE-2019-2399

Exploit prediction scoring system (EPSS) score for CVE-2019-2399

CVSS scores for CVE-2019-2399

References for CVE-2019-2399