A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.
2021-03-25T17:15:13.210
2024-11-21T05:48:57.697
Modified
CVSSv3.1: 9.8 (CRITICAL)
AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | genivia | gsoap | 2.8.107 | Yes |
| Application | oracle | communications_diameter_signaling_router | ≤ 8.5.0 | Yes |
| Application | oracle | communications_eagle_application_processor | ≤ 16.4.0 | Yes |
| Application | oracle | communications_eagle_lnp_application_processor | 46.7 | Yes |
| Application | oracle | communications_eagle_lnp_application_processor | 46.8 | Yes |
| Application | oracle | communications_eagle_lnp_application_processor | 46.9 | Yes |
| Application | oracle | communications_lsms | 13.1 | Yes |
| Application | oracle | communications_lsms | 13.2 | Yes |
| Application | oracle | communications_lsms | 13.3 | Yes |
| Application | oracle | communications_lsms | 13.4 | Yes |
| Application | oracle | tekelec_virtual_operating_environment | ≤ 3.7.1 | Yes |