SB20250416106 - Multiple vulnerabilities in Oracle Communications Element Manager

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB20250416106

SB20250416106 - Multiple vulnerabilities in Oracle Communications Element Manager

Published: April 16, 2025 Updated: September 17, 2025

Security Bulletin ID SB20250416106
Severity
Critical
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Critical 33% Medium 67%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2024-6763)

The disclosed vulnerability allows a remote attacker to perform SSRF attacks.

The vulnerability exists due to insufficient validation of user-supplied input in HttpURI. A remote attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.

Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.


2) Path traversal (CVE-ID: CVE-2024-38819)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in applications that serve static resources through the functional web frameworks WebMvc.fn or WebFlux.fn. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.


3) Input validation error (CVE-ID: CVE-2025-24813)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input when handling file uploads via HTTP PUT requests. A remote attacker can send a specially crafted HTTP PUT request to the server and gain access to sensitive information or even execute arbitrary code.

If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files:

  • writes enabled for the default servlet (disabled by default)
  • support for partial PUT (enabled by default)
  • a target URL for security sensitive uploads that is a sub-directory of a target URL for public uploads
  • attacker knowledge of the names of security sensitive files being uploaded
  • the security sensitive files also being uploaded via partial PUT

If all of the following were true, a malicious user was able to perform remote code execution:

  • writes enabled for the default servlet (disabled by default)
  • support for partial PUT (enabled by default)
  • application was using Tomcat's file based session persistence with the default storage location
  • application included a library that may be leveraged in a deserialization attack



Remediation

Install update from vendor's website.

References