CVE (Common Vulnerabilities and Exposures)

The weaknesses that I identified throughout my career and conveyed as a result of my security researches and contributed to the elimination of weaknesses.

2020 : Hewlett Packard Enterprise (HPE) CVE

CVE-2019-11997 : HPE Enhanced Internet Usage Manager (eIUM)

A potential security vulnerability has been identified in HPE enhanced Internet Usage Manager (eIUM) versions 8.3 and 9.0. The vulnerability could be used for unauthorized access to information via cross site scripting.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11997

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03975en_us

2019 : Oracle CVE

I discovered a vulnerability at Oracle Service Bus .

/CVE-2019-2576:

  • Subject: XML ENTITY EXPANSION
  • CVSSv3.0 Base Score: 5.3
  • CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  • Credited As: Omur Ugur of Turk Telekom

/CVE-2019-2576:

  • Subject: XML Entity Expansion Defect in OSB
  • CVSSv3.0 Base Score: 5.3
  • CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  • Credited As: Omur Ugur of Turk Telekom

/CVE-2019-2576:

  • Subject: SOAP IMPLEMENTATION SUBJECT TO XML ENTITY EXPANSION
    VULNERABILITY
  • CVSSv3.0 Base Score: 5.3
  • CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  • Credited As: Omur Ugur of Turk Telekom
  • https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
  • https://nvd.nist.gov/vuln/detail/CVE-2019-2576
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2576
  • https://www.securityfocus.com/bid/107946

2019 : Huawei CVE

I discovered a vulnerability at Huawei product. 
Note: Product name and description are not shared due to company confidentiality.

  • HWPSIRT-2019-05128
  • HWPSIRT-2019-05129