Resource exhaustion in Oracle Communications_cloud_native_core_console
CVE-2020-14340
A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3…
Vulnerability class: DoS (Denial of Service)
EPSS: 0.022 (80.2th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.9 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H.
Affected products
- Oracle Communications_cloud_native_core_console — versions 1.9.0
- Oracle Communications_cloud_native_core_network_repository_function — versions 1.14.0
- Oracle Communications_cloud_native_core_policy — versions 1.14.0
- Oracle Communications_cloud_native_core_security_edge_protection_proxy — versions 1.15.0
- Oracle Communications_cloud_native_core_service_communication_proxy — versions 1.14.0
- Oracle Communications_cloud_native_core_unified_data_repository — versions 1.14.0
- Redhat Jboss_brms — versions 5, 6
- Redhat Jboss_data_grid — versions 6.0.0, 7.0.0
- Redhat Jboss_data_virtualization — versions 6.0.0
- Redhat Jboss_enterprise_application_platform — versions 5.0.0, 6.0.0
Weakness classification (CWE)
References
- secalert@redhat.com (x_refsource_MISC, Issue Tracking, Vendor Advisory)
- secalert@redhat.com (Patch, Third Party Advisory, x_refsource_MISC)
- secalert@redhat.com (Patch, Third Party Advisory, x_refsource_MISC)
Frequently asked questions
- What is CVE-2020-14340?
- CVE-2020-14340 is a medium-severity vulnerability in Oracle Communications_cloud_native_core_console, classified under Uncontrolled Resource Consumption. CVSS score: 5.9/10. Published 2021-06-02.
- How severe is CVE-2020-14340?
- Medium severity. CVSS v3 base score is 5.9 out of 10.