Critical Patch Update

(Doc ID 2355875.1)

Last updated on MARCH 01, 2018

Applies to:

Oracle Communications Application Session Controller - Version S-E3.7.0 and later
Information in this document applies to any platform.

Symptoms

=== Issue Clarification===

--What--
Product:
Oracle Communications Application Session Controller

Version:
S-E3.7.0

Error:
N/A

Issue;
Received a notice for a critical patch update for the following CVE.:

CVE-2013-2566 Oracle Communications Application Session Controller Security TLS Yes 5.9 Network High None None Un-
changed High None None 3.x

CVE-2013-2566 Vulnerability in the Oracle Communications Application Session Controller component of Oracle Communications Applications (subcomponent: Security). The supported version that is affected is 3.x. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Communications Application Session Controller. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Application Session Controller accessible data.


--Where--
Environment:
Production

Platform:
Acme Packet OS

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms