CVE - Siber Güvenlik

CVE (Common Vulnerabilities and Exposures)

Kariyerim boyunca tespit edip , güvenlik araştırmalarım sonucu ilettiğim ve zafiyetlerin giderilmesine katkı sağladığım zafiyetler.

2019 : Oracle CVE

I discovered a vulnerability at Oracle Service Bus .

/CVE-2019-2576:

Subject: XML ENTITY EXPANSION
CVSSv3.0 Base Score: 5.3
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Credited As: Omur Ugur of Turk Telekom

/CVE-2019-2576:

Subject: XML Entity Expansion Defect in OSB
CVSSv3.0 Base Score: 5.3
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Credited As: Omur Ugur of Turk Telekom

/CVE-2019-2576:

Subject: SOAP IMPLEMENTATION SUBJECT TO XML ENTITY EXPANSION
VULNERABILITY
CVSSv3.0 Base Score: 5.3
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Credited As: Omur Ugur of Turk Telekom

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

https://nvd.nist.gov/vuln/detail/CVE-2019-2576
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2576
https://www.securityfocus.com/bid/107946

2019 : Huawei CVE

I discovered a vulnerability at Huawei product.
Note: Product name and description are not shared due to company confidentiality.

HWPSIRT-2019-05128

HWPSIRT-2019-05129