Text Form of Oracle Critical Patch Update - April 2023 Risk Matrices

 

This document provides the text form of the CPUApr2023 Advisory Risk Matrices. Please note that the CVE IDs in this document correspond to the same CVE IDs in the CPUApr2023 Advisory

This page contains the following text format Risk Matrices:

Text Form of Risk Matrix for Oracle Database Server

This table provides the text form of the Risk Matrix for Oracle Database Server.
 

CVE ID Description
CVE-2022-1471 Security-in-Depth issue in the Oracle SQLcl (SnakeYAML) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2022-45061 Vulnerability in the Oracle Database OML4PY (Python) component of Oracle Database Server. The supported version that is affected is 21c. Easily exploitable vulnerability allows low privileged attacker having Authenticated User privilege with network access via HTTP to compromise Oracle Database OML4PY (Python). Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database OML4PY (Python).

CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). ( legend ) [ Advisory ]
CVE-2022-45143 Security-in-Depth issue in the Oracle Database (Apache Tomcat) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2023-21918 Vulnerability in the Oracle Database Recovery Manager component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows high privileged attacker having Local SYSDBA privilege with network access via Oracle Net to compromise Oracle Database Recovery Manager. While the vulnerability is in Oracle Database Recovery Manager, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Database Recovery Manager.

CVSS 3.1 Base Score 6.8 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-21934 Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Difficult to exploit vulnerability allows low privileged attacker having User Account privilege with network access via TLS to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data as well as unauthorized access to critical data or complete access to all Java VM accessible data.

CVSS 3.1 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N). ( legend ) [ Advisory ]
CVE-2023-24998 Vulnerability in the Oracle Database Workload Manager (Apache Commons FileUpload) component of Oracle Database Server. The supported version that is affected is 21c. Easily exploitable vulnerability allows low privileged attacker having Authenticated User privilege with network access via HTTP to compromise Oracle Database Workload Manager (Apache Commons FileUpload). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Database Workload Manager (Apache Commons FileUpload).

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-24998 Vulnerability in the Spatial and Graph (Apache Commons Fileupload) component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Authenticated User privilege with network access via HTTP to compromise Spatial and Graph (Apache Commons Fileupload). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Spatial and Graph (Apache Commons Fileupload).

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Big Data Spatial and Graph

This table provides the text form of the Risk Matrix for Oracle Big Data Spatial and Graph.
 

CVE ID Description
CVE-2022-45143 Security-in-Depth issue in Oracle Big Data Spatial and Graph (component: Big Data Graph (Apache Tomcat)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]

Text Form of Risk Matrix for Oracle Blockchain Platform

This table provides the text form of the Risk Matrix for Oracle Blockchain Platform.
 

CVE ID Description
CVE-2020-35169 Vulnerability in Oracle Blockchain Platform (component: BCS Console (Dell BSAFE Micro Edition Suite)). Supported versions that are affected are Prior to 21.1.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Oracle Blockchain Platform. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Blockchain Platform accessible data as well as unauthorized access to critical data or complete access to all Oracle Blockchain Platform accessible data.

CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N). ( legend ) [ Advisory ]
CVE-2020-36518 Vulnerability in Oracle Blockchain Platform (component: BCS Console (jackson-databind)). Supported versions that are affected are Prior to 21.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Blockchain Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Blockchain Platform.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2020-7712 Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (Apache ZooKeeper)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2021-23017 Vulnerability in Oracle Blockchain Platform (component: BCS Console (nginx)). Supported versions that are affected are Prior to 21.1.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via UDP to compromise Oracle Blockchain Platform. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Blockchain Platform accessible data as well as unauthorized access to critical data or complete access to all Oracle Blockchain Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Blockchain Platform.

CVSS 3.1 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L). ( legend ) [ Advisory ]
CVE-2021-23337 Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (Lodash)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2021-28168 Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Backend (Eclipse Jersey)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2021-29921 Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (Python)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2021-36090 Vulnerability in Oracle Blockchain Platform (component: BCS Console (Apache Commons Compress)). Supported versions that are affected are Prior to 21.1.3. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Blockchain Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Blockchain Platform.

CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2021-3918 Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (JSON Schema)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2021-40528 Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (libgcrypt)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2021-41184 Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (jQueryUI)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2022-2048 Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (Eclipse Jetty)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2022-23219 Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (glibc)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2022-23221 Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (H2 Database)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2022-25315 Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (LibExpat)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2022-25647 Vulnerability in Oracle Blockchain Platform (component: BCS Console (Google Gson)). Supported versions that are affected are Prior to 21.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Blockchain Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Blockchain Platform.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-27404 Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (FreeType)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2022-27782 Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (cURL)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2022-28327 Vulnerability in Oracle Blockchain Platform (component: BCS Console (Golang Go)). Supported versions that are affected are Prior to 21.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Blockchain Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Blockchain Platform.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-31129 Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (Moment.js)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2022-3171 Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (Google Protobuf-Java)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2022-32215 Vulnerability in Oracle Blockchain Platform (component: BCS Console (Node.js)). Supported versions that are affected are Prior to 21.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Blockchain Platform. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Blockchain Platform accessible data as well as unauthorized read access to a subset of Oracle Blockchain Platform accessible data.

CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2022-34917 Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (Apache Kafka)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2022-38752 Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (SnakeYAML)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2022-40304 Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (libxml2)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2022-41881 Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (Netty)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2022-42889 Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (Apache Commons Text)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]

Text Form of Risk Matrix for Oracle Essbase

This table provides the text form of the Risk Matrix for Oracle Essbase.
 

CVE ID Description
CVE-2022-39135 Security-in-Depth issue in Oracle Essbase (component: Build (Apache Calcite)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2022-46364 Security-in-Depth issue in Oracle Essbase (component: Essbase Web Platform (Apache CXF)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2023-0215 Vulnerability in Oracle Essbase (component: Build (OpenSSL)). The supported version that is affected is 21.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Essbase. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Essbase.

CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-21942 Vulnerability in Oracle Essbase (component: Security and Provisioning). The supported version that is affected is 21.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Essbase. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Essbase accessible data.

CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2023-21943 Vulnerability in Oracle Essbase (component: Security and Provisioning). The supported version that is affected is 21.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Essbase. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Essbase accessible data.

CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2023-21944 Vulnerability in Oracle Essbase (component: Security and Provisioning). The supported version that is affected is 21.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Essbase. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Essbase accessible data.

CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2023-23916 Security-in-Depth issue in Oracle Essbase (component: Essbase Web Platform (cURL)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]

Text Form of Risk Matrix for Oracle GoldenGate

This table provides the text form of the Risk Matrix for Oracle GoldenGate.
 

CVE ID Description
CVE-2022-23457 Vulnerability in the Oracle GoldenGate Studio product of Oracle GoldenGate (component: GoldenGate Studio (Enterprise Security API)). The supported version that is affected is Fusion Middleware: 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GoldenGate Studio. Successful attacks of this vulnerability can result in takeover of Oracle GoldenGate Studio.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-42003 Vulnerability in Oracle GoldenGate (component: Oracle GoldenGate (jackson-databind)). Supported versions that are affected are Prior to 19.1.0.0.230418 and Prior to 21.10.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle GoldenGate. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GoldenGate.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-45047 Security-in-Depth issue in Oracle GoldenGate (component: Oracle GoldenGate (Apache Mina SSHD)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]

Text Form of Risk Matrix for Oracle Graph Server and Client

This table provides the text form of the Risk Matrix for Oracle Graph Server and Client.
 

CVE ID Description
CVE-2022-42003 Vulnerability in Oracle Graph Server and Client (component: Packaging (jackson-databind)). Supported versions that are affected are Prior to 23.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Graph Server and Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Graph Server and Client.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42889 Security-in-Depth issue in Oracle Graph Server and Client (component: PGX Java Client (Apache Commons Text)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2022-45143 Security-in-Depth issue in Oracle Graph Server and Client (component: Packaging (Apache Tomcat)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]

Text Form of Risk Matrix for Oracle NoSQL Database

This table provides the text form of the Risk Matrix for Oracle NoSQL Database.
 

CVE ID Description
CVE-2022-42003 Vulnerability in Oracle NoSQL Database (component: Administration (jackson-databind)). Supported versions that are affected are Prior to 19.5.32. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle NoSQL Database. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle NoSQL Database.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-45047 Security-in-Depth issue in Oracle NoSQL Database (component: Administration (Apache Mina SSHD)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]

Text Form of Risk Matrix for Oracle REST Data Services

This table provides the text form of the Risk Matrix for Oracle REST Data Services.
 

CVE ID Description
CVE-2023-24998 Vulnerability in Oracle REST Data Services (component: Oracle REST Data Services (Apache Commons FileUpload)). Supported versions that are affected are Prior to 23.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle REST Data Services. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle REST Data Services.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle SQL Developer

This table provides the text form of the Risk Matrix for Oracle SQL Developer.
 

CVE ID Description
CVE-2022-1471 Security-in-Depth issue in Oracle SQL Developer (component: Installation (SnakeYAML)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2022-26336 Security-in-Depth issue in Oracle SQL Developer (component: General Infrastructure (Apache POI)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2022-42003 Vulnerability in Oracle SQL Developer (component: Infrastructure (jackson-databind)). Supported versions that are affected are Prior to 23.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SQL Developer. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle SQL Developer.

CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42889 Security-in-Depth issue in Oracle SQL Developer (component: Installation (Apache Commons Text)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2022-42890 Security-in-Depth issue in Oracle SQL Developer (component: General Infrastructure (Apache Batik)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2022-45047 Security-in-Depth issue in Oracle SQL Developer (component: Installation (Apache Mina SSHD)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2023-21969 Vulnerability in Oracle SQL Developer (component: Installation). Supported versions that are affected are Prior to 23.1.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle SQL Developer executes to compromise Oracle SQL Developer. Successful attacks of this vulnerability can result in takeover of Oracle SQL Developer.

CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2023-25194 Security-in-Depth issue in Oracle SQL Developer (component: Installation (Apache Kafka)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]

Text Form of Risk Matrix for Oracle TimesTen In-Memory Database

This table provides the text form of the Risk Matrix for Oracle TimesTen In-Memory Database.
 

CVE ID Description
CVE-2022-41715 Security-in-Depth issue in Oracle TimesTen In-Memory Database (component: Oracle TimesTen In-Memory Database (Go)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]

Text Form of Risk Matrix for Oracle Commerce

This table provides the text form of the Risk Matrix for Oracle Commerce.
 

CVE ID Description
CVE-2021-42575 Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Platform (OWASP Java HTML Sanitizer )). Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks of this vulnerability can result in takeover of Oracle Commerce Platform.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-23437 Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Content Acquisition System, Workbench (Apache Xerces2 Java)). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Commerce Guided Search.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-24729 Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Workbench (CKEditor)). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Commerce Guided Search.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-40152 Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Content Acquisition System (Apache CXF)). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Commerce Guided Search.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42003 Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Content Acquisition System, Workbench (jackson-databind)). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Commerce Guided Search.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-45143 Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Content Acquisition System, Workbench (Apache Tomcat)). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Commerce Guided Search accessible data.

CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Communications Applications

This table provides the text form of the Risk Matrix for Oracle Communications Applications.
 

CVE ID Description
CVE-2019-11287 Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Pivotal RabbitMQ)). Supported versions that are affected are 5.5.0-5.5.10 and 6.0.0-6.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2020-35168 Vulnerability in the Oracle Communications IP Service Activator product of Oracle Communications Applications (component: Other (Dell BSAFE Micro Edition Suite)). Supported versions that are affected are 7.4.0 and 7.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Oracle Communications IP Service Activator. Successful attacks of this vulnerability can result in takeover of Oracle Communications IP Service Activator.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2020-7009 Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Elasticsearch)). Supported versions that are affected are 5.5.0-5.5.9 and 6.0.0-6.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance.

CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2021-41183 Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Vision (jQueryUI)). Supported versions that are affected are 5.5.0-5.5.10 and 6.0.0-6.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Unified Assurance, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Unified Assurance accessible data as well as unauthorized read access to a subset of Oracle Communications Unified Assurance accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2022-1471 Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Vision (SnakeYAML)). Supported versions that are affected are 5.5.0-5.5.10 and 6.0.0-6.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-1471 Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: TMF APIs (SnakeYAML)). Supported versions that are affected are 7.4.1, 7.4.2 and 7.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Inventory Management.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-29078 Security-in-Depth issue in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Vision (Embedded JavaScript Templates)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2022-31081 Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (HTTP::Daemon)). Supported versions that are affected are 5.5.0-5.5.10 and 6.0.0-6.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Unified Assurance accessible data as well as unauthorized read access to a subset of Oracle Communications Unified Assurance accessible data.

CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2022-31123 Vulnerability in the Oracle Communications Convergent Charging Controller product of Oracle Communications Applications (component: Common fns (Grafana)). Supported versions that are affected are 12.0.4-12.0.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Convergent Charging Controller executes to compromise Oracle Communications Convergent Charging Controller. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Convergent Charging Controller.

CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-31123 Vulnerability in the Oracle Communications Network Charging and Control product of Oracle Communications Applications (component: Common fns (Grafana)). Supported versions that are affected are 12.0.4-12.0.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Network Charging and Control executes to compromise Oracle Communications Network Charging and Control. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Network Charging and Control.

CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-3171 Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Google Protobuf-Java)). Supported versions that are affected are 5.5.0-5.5.9 and 6.0.0-6.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-36760 Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Apache HTTP Server)). Supported versions that are affected are 5.5.0-5.5.10 and 6.0.0-6.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. While the vulnerability is in Oracle Communications Unified Assurance, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance.

CVSS 3.1 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-37434 Security-in-Depth issue in the Oracle Communications IP Service Activator product of Oracle Communications Applications (component: Other (zlib)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2022-39271 Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security (Traefik)). The supported version that is affected is 7.4.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Order and Service Management.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-41966 Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: Security Component (XStream)). Supported versions that are affected are 7.4.0, 7.4.1, 7.4.2 and 7.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Inventory Management.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42004 Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Apache Kafka)). Supported versions that are affected are 5.5.0-5.5.10 and 6.0.0-6.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-46908 Vulnerability in the Oracle Communications Convergent Charging Controller product of Oracle Communications Applications (component: Common fns (SQLite)). Supported versions that are affected are 6.0.1.0.0 and 12.0.1.0.0-12.0.6.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Convergent Charging Controller executes to compromise Oracle Communications Convergent Charging Controller. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Convergent Charging Controller accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Convergent Charging Controller accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Convergent Charging Controller.

CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L). ( legend ) [ Advisory ]
CVE-2022-46908 Vulnerability in the Oracle Communications Network Charging and Control product of Oracle Communications Applications (component: Common fns (SQLite)). Supported versions that are affected are 6.0.1.0.0 and 12.0.1.0.0-12.0.6.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Network Charging and Control executes to compromise Oracle Communications Network Charging and Control. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Network Charging and Control accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Network Charging and Control accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Network Charging and Control.

CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L). ( legend ) [ Advisory ]
CVE-2023-0662 Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (PHP)). Supported versions that are affected are 6.0.0-6.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-1370 Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Vision (json-smart)). Supported versions that are affected are 5.5.0-5.5.10 and 6.0.0-6.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Communications

This table provides the text form of the Risk Matrix for Oracle Communications.
 

CVE ID Description
CVE-2021-37519 Vulnerability in the Oracle Communications User Data Repository product of Oracle Communications (component: Patches (memcached)). The supported version that is affected is 12.6.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications User Data Repository executes to compromise Oracle Communications User Data Repository. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications User Data Repository.

CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2021-46848 Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Policy (GNU Libtasn1)). Supported versions that are affected are 22.4.0-22.4.4 and 23.1.0-23.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Policy accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy.

CVSS 3.1 Base Score 9.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-1292 Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications (component: Management (OpenSSL)). The supported version that is affected is 9.1.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle SD-WAN Edge. Successful attacks of this vulnerability can result in takeover of Oracle SD-WAN Edge.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-1471 Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications (component: Core (SnakeYAML)). The supported version that is affected is 9.1.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SD-WAN Edge. Successful attacks of this vulnerability can result in takeover of Oracle SD-WAN Edge.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-23491 Vulnerability in the Oracle Communications Cloud Native Core Automated Test Suite product of Oracle Communications (component: Installation (Certifi)). Supported versions that are affected are 22.3.1 and 22.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Automated Test Suite. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Automated Test Suite accessible data.

CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ]
CVE-2022-25315 Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Platform (LibExpat)). The supported version that is affected is 8.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via XMPP to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in takeover of Oracle Communications Diameter Signaling Router.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-28199 Vulnerability in the Oracle Communications Session Border Controller product of Oracle Communications (component: Third Party (Dpdk)). Supported versions that are affected are 9.0 and 9.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP/IP to compromise Oracle Communications Session Border Controller. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Session Border Controller as well as unauthorized update, insert or delete access to some of Oracle Communications Session Border Controller accessible data and unauthorized read access to a subset of Oracle Communications Session Border Controller accessible data.

CVSS 3.1 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H). ( legend ) [ Advisory ]
CVE-2022-31123 Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: Core (Grafana)). The supported version that is affected is 12.6.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Policy Management executes to compromise Oracle Communications Policy Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Policy Management.

CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-31129 Vulnerability in the Oracle Communications Services Gatekeeper product of Oracle Communications (component: Third Party (Moment.js)). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Services Gatekeeper. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Services Gatekeeper.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-31630 Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Platform (PHP)). The supported version that is affected is 8.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Diameter Signaling Router executes to compromise Oracle Communications Diameter Signaling Router. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Diameter Signaling Router accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Diameter Signaling Router.

CVSS 3.1 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-31630 Vulnerability in the Oracle SD-WAN Aware product of Oracle Communications (component: Management (PHP)). The supported version that is affected is 9.0.1.6.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle SD-WAN Aware executes to compromise Oracle SD-WAN Aware. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle SD-WAN Aware accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle SD-WAN Aware.

CVSS 3.1 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-31692 Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: Authentication (Spring Security)). Supported versions that are affected are 9.0.0 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via LDAP to compromise Oracle Communications Element Manager. Successful attacks of this vulnerability can result in takeover of Oracle Communications Element Manager.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-31692 Vulnerability in the Oracle Communications Session Report Manager product of Oracle Communications (component: Authentication (Spring Security)). Supported versions that are affected are 9.0.0 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via LDAP to compromise Oracle Communications Session Report Manager. Successful attacks of this vulnerability can result in takeover of Oracle Communications Session Report Manager.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-31692 Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications (component: Internal tools (Spring Security)). The supported version that is affected is 9.1.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SD-WAN Edge. Successful attacks of this vulnerability can result in takeover of Oracle SD-WAN Edge.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-3171 Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: Core (Google Protobuf-Java)). The supported version that is affected is 12.6.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Policy Management.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-35737 Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Policy (SQLite)). Supported versions that are affected are 22.4.0-22.4.4 and 23.1.0-23.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-37434 Vulnerability in the Oracle Communications Core Session Manager product of Oracle Communications (component: Routing (zlib)). Supported versions that are affected are 8.45 and 9.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Core Session Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Core Session Manager as well as unauthorized update, insert or delete access to some of Oracle Communications Core Session Manager accessible data and unauthorized read access to a subset of Oracle Communications Core Session Manager accessible data.

CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H). ( legend ) [ Advisory ]
CVE-2022-37434 Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine (glibc)). The supported version that is affected is 5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP/IP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-37434 Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: Core (zlib)). The supported version that is affected is 12.6.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Policy Management.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-37434 Vulnerability in the Oracle Communications Session Border Controller product of Oracle Communications (component: Routing (zlib)). Supported versions that are affected are 9.0 and 9.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Session Border Controller. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Session Border Controller as well as unauthorized update, insert or delete access to some of Oracle Communications Session Border Controller accessible data and unauthorized read access to a subset of Oracle Communications Session Border Controller accessible data.

CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H). ( legend ) [ Advisory ]
CVE-2022-37434 Vulnerability in the Oracle Communications Session Router product of Oracle Communications (component: Routing (zlib)). Supported versions that are affected are 9.0 and 9.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Session Router. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Session Router as well as unauthorized update, insert or delete access to some of Oracle Communications Session Router accessible data and unauthorized read access to a subset of Oracle Communications Session Router accessible data.

CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H). ( legend ) [ Advisory ]
CVE-2022-37434 Vulnerability in the Oracle Communications Subscriber-Aware Load Balancer product of Oracle Communications (component: Routing (zlib)). Supported versions that are affected are 9.0 and 9.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Subscriber-Aware Load Balancer. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Subscriber-Aware Load Balancer as well as unauthorized update, insert or delete access to some of Oracle Communications Subscriber-Aware Load Balancer accessible data and unauthorized read access to a subset of Oracle Communications Subscriber-Aware Load Balancer accessible data.

CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H). ( legend ) [ Advisory ]
CVE-2022-37434 Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications (component: Routing (zlib)). Supported versions that are affected are 3.3 and 4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Enterprise Communications Broker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Communications Broker as well as unauthorized update, insert or delete access to some of Oracle Enterprise Communications Broker accessible data and unauthorized read access to a subset of Oracle Enterprise Communications Broker accessible data.

CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H). ( legend ) [ Advisory ]
CVE-2022-37434 Vulnerability in the Oracle Enterprise Session Router product of Oracle Communications (component: Routing (zlib)). The supported version that is affected is 9.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Enterprise Session Router. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Session Router as well as unauthorized update, insert or delete access to some of Oracle Enterprise Session Router accessible data and unauthorized read access to a subset of Oracle Enterprise Session Router accessible data.

CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H). ( legend ) [ Advisory ]
CVE-2022-37865 Vulnerability in the Oracle Communications Cloud Native Core Automated Test Suite product of Oracle Communications (component: Installation (Apache Ivy)). Supported versions that are affected are 22.3.1 and 22.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Automated Test Suite. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Automated Test Suite accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Automated Test Suite.

CVSS 3.1 Base Score 9.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-38752 Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Install/Upgrade (SnakeYAML)). Supported versions that are affected are 22.3.0 and 22.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Service Communication Proxy.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-38752 Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications (component: Internal tools (SnakeYAML)). The supported version that is affected is 9.1.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle SD-WAN Edge. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle SD-WAN Edge.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-40151 Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (XStream)). Supported versions that are affected are 22.4.0-22.4.4 and 23.1.0-23.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-40304 Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (libxml2)). Supported versions that are affected are 22.4.0-22.4.4, 23.1.0 and 23.1.1. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Binding Support Function executes to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Binding Support Function.

CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-40304 Vulnerability in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Configuration (libxml2)). The supported version that is affected is 22.4.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Network Function Cloud Native Environment executes to compromise Oracle Communications Cloud Native Core Network Function Cloud Native Environment. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Function Cloud Native Environment.

CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-41881 Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Policy (Netty)). Supported versions that are affected are 22.4.0-22.4.4 and 23.1.0-23.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-41966 Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Policy (XStream)). Supported versions that are affected are 22.4.0-22.4.4 and 23.1.0-23.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-41966 Vulnerability in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Configuration (XStream)). Supported versions that are affected are 22.4.0 and 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Console. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Console.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-41966 Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: Core (XStream)). The supported version that is affected is 12.6.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Policy Management.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42003 Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Install/Upgrade (jackson-databind)). The supported version that is affected is 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Service Communication Proxy.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42003 Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: BEServer (jackson-databind)). Supported versions that are affected are 9.0.0 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Element Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Element Manager.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42003 Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: Core (jackson-databind)). The supported version that is affected is 12.6.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Policy Management.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42003 Vulnerability in the Oracle Communications Session Report Manager product of Oracle Communications (component: BEServer (jackson-databind)). Supported versions that are affected are 9.0.0 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Session Report Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Session Report Manager.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42003 Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications (component: Internal tools (jackson-databind)). The supported version that is affected is 9.1.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle SD-WAN Edge. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle SD-WAN Edge.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42252 Vulnerability in the Management Cloud Engine product of Oracle Communications (component: BEServer (Apache Tomcat)). The supported version that is affected is 22.1.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Management Cloud Engine. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Management Cloud Engine accessible data.

CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ]
CVE-2022-42898 Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Installation and Configuration (Kerberos)). Supported versions that are affected are 23.1.0 and 22.4.1. Easily exploitable vulnerability allows low privileged attacker with network access via Kerberos to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Security Edge Protection Proxy.

CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-43401 Vulnerability in the Oracle Communications Cloud Native Core Automated Test Suite product of Oracle Communications (component: Installation (Jenkins Script Security)). Supported versions that are affected are 22.3.1 and 22.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Automated Test Suite. While the vulnerability is in Oracle Communications Cloud Native Core Automated Test Suite, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Automated Test Suite.

CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-43402 Vulnerability in the Oracle Communications Cloud Native Core Automated Test Suite product of Oracle Communications (component: Installation (Jenkins)). Supported versions that are affected are 22.3.1 and 22.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Automated Test Suite. While the vulnerability is in Oracle Communications Cloud Native Core Automated Test Suite, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Automated Test Suite.

CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-4415 Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Policy (systemd)). Supported versions that are affected are 22.4.0-22.4.4 and 23.1.0-23.1.1. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Policy executes to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Policy accessible data.

CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2022-45047 Vulnerability in the Oracle Communications Cloud Native Core Automated Test Suite product of Oracle Communications (component: Installation (Apache Mina SSHD)). Supported versions that are affected are 22.3.1 and 22.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Automated Test Suite. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Automated Test Suite.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-45047 Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: BEServer (Apache Mina SSHD)). Supported versions that are affected are 9.0.0 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSH to compromise Oracle Communications Element Manager. Successful attacks of this vulnerability can result in takeover of Oracle Communications Element Manager.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-45047 Vulnerability in the Oracle Communications Session Report Manager product of Oracle Communications (component: BEServer (Apache Mina SSHD)). Supported versions that are affected are 9.0.0 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSH to compromise Oracle Communications Session Report Manager. Successful attacks of this vulnerability can result in takeover of Oracle Communications Session Report Manager.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-45047 Vulnerability in the Management Cloud Engine product of Oracle Communications (component: BEServer (Apache Mina SSHD)). The supported version that is affected is 22.1.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSH to compromise Management Cloud Engine. Successful attacks of this vulnerability can result in takeover of Management Cloud Engine.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-45143 Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Policy (Apache Tomcat)). Supported versions that are affected are 22.4.0-22.4.4 and 23.1.0-23.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Binding Support Function accessible data.

CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ]
CVE-2022-45143 Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Platform (Apache Tomcat)). The supported version that is affected is 8.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Diameter Signaling Router accessible data.

CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ]
CVE-2022-45143 Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: BEServer (Apache Tomcat)). Supported versions that are affected are 9.0.0 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Element Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Element Manager accessible data.

CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ]
CVE-2022-45143 Vulnerability in the Oracle Communications Session Report Manager product of Oracle Communications (component: BEServer (Apache Tomcat)). Supported versions that are affected are 9.0.0 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Session Report Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Session Report Manager accessible data.

CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ]
CVE-2022-45143 Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications (component: Internal tools (Apache Tomcat)). The supported version that is affected is 9.1.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SD-WAN Edge. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle SD-WAN Edge accessible data.

CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ]
CVE-2022-46364 Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Virtual Network Function Manager (Apache CXF)). The supported version that is affected is 8.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in takeover of Oracle Communications Diameter Signaling Router.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-46364 Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: SOAP (Apache CXF)). Supported versions that are affected are 9.0.0 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Element Manager. Successful attacks of this vulnerability can result in takeover of Oracle Communications Element Manager.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-46364 Vulnerability in the Oracle Communications Session Report Manager product of Oracle Communications (component: SOAP (Apache CXF)). Supported versions that are affected are 9.0.0 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Session Report Manager. Successful attacks of this vulnerability can result in takeover of Oracle Communications Session Report Manager.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-47629 Vulnerability in the Oracle Communications Cloud Native Configuration Console product of Oracle Communications (component: Configuration (libksba)). The supported version that is affected is 22.4.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Configuration Console. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Configuration Console.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-47629 Vulnerability in the Oracle Communications Cloud Native Core Network Exposure Function product of Oracle Communications (component: Oracle Linux (libksba)). The supported version that is affected is 22.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Exposure Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Exposure Function.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-47629 Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Policy (libksba)). Supported versions that are affected are 22.4.0-22.4.4 and 23.1.0-23.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Policy.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-47629 Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Configuration (libksba)). The supported version that is affected is 22.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSH to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Security Edge Protection Proxy.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-47629 Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Signaling (libksba)). Supported versions that are affected are 22.4.1 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Unified Data Repository.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2023-0361 Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Installer (GnuTLS)). The supported version that is affected is 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Network Repository Function accessible data.

CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2023-23916 Vulnerability in the Oracle Communications Cloud Native Configuration Console product of Oracle Communications (component: Configuration (cURL)). Supported versions that are affected are 22.4.1 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Configuration Console. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Configuration Console.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-23916 Vulnerability in the Oracle Communications Cloud Native Core Network Exposure Function product of Oracle Communications (component: Oracle Linux (cURL)). Supported versions that are affected are 22.4.2 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Exposure Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Exposure Function.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-23916 Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Configuration (cURL)). Supported versions that are affected are 23.1.0 and 22.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSH to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-23916 Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Signaling (cURL)). The supported version that is affected is 22.4.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Unified Data Repository.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-23931 Vulnerability in the Oracle Communications Cloud Native Core Network Exposure Function product of Oracle Communications (component: Platform (Cryptography)). The supported version that is affected is 22.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Exposure Function. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Network Exposure Function accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Network Exposure Function.

CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L). ( legend ) [ Advisory ]
CVE-2023-23931 Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Installation and Configuration (Cryptography)). Supported versions that are affected are 22.4.0 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Security Edge Protection Proxy accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy.

CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L). ( legend ) [ Advisory ]
CVE-2023-24998 Vulnerability in the Oracle Communications Cloud Native Core Network Exposure Function product of Oracle Communications (component: Platform (Apache Commons FileUpload)). Supported versions that are affected are 22.4.2 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Exposure Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Exposure Function.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-24998 Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Configuration (Apache Commons FileUpload)). Supported versions that are affected are 23.1.0 and 22.4.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-24998 Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: BEServer (Apache Commons FileUpload)). Supported versions that are affected are 9.0.0 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Element Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Element Manager.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-24998 Vulnerability in the Oracle Communications Session Report Manager product of Oracle Communications (component: BEServer (Apache Commons FileUpload)). Supported versions that are affected are 9.0.0 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Session Report Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Session Report Manager.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-25577 Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Policy (Werkzeug)). Supported versions that are affected are 22.4.0-22.4.4 and 23.1.0-23.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-25613 Vulnerability in the Oracle Communications Cloud Native Configuration Console product of Oracle Communications (component: Configuration (Apache Kerby)). Supported versions that are affected are 22.4.1 and 23.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Configuration Console. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Configuration Console.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2023-25690 Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: FEServer (Apache HTTP Server)). Supported versions that are affected are 9.0.0 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Element Manager. Successful attacks of this vulnerability can result in takeover of Oracle Communications Element Manager.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2023-25690 Vulnerability in the Oracle Communications Session Report Manager product of Oracle Communications (component: FEServer (Apache HTTP Server)). Supported versions that are affected are 9.0.0 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Session Report Manager. Successful attacks of this vulnerability can result in takeover of Oracle Communications Session Report Manager.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2023-28708 Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: Core (Apache Tomcat)). The supported version that is affected is 12.6.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Policy Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Policy Management accessible data.

CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Construction and Engineering

This table provides the text form of the Risk Matrix for Oracle Construction and Engineering.
 

CVE ID Description
CVE-2021-23413 Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: User Interface (JSZip)). Supported versions that are affected are 18.8.0-18.8.18, 19.12.0-19.12.16, 20.12.0-20.12.16, 21.12.0-21.12.14 and 22.12.0-22.12.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Primavera Unifier.

CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). ( legend ) [ Advisory ]
CVE-2022-27404 Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Document Viewing using Outside In technology (FreeType)). Supported versions that are affected are 18.8.0-18.8.26, 19.12.0-19.12.21, 20.12.0-20.12.18, 21.12.0-21.12.12 and 22.12.0-22.12.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks of this vulnerability can result in takeover of Primavera P6 Enterprise Project Portfolio Management.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-27404 Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Document Management (FreeType)). Supported versions that are affected are 18.8.0-18.8.18, 19.12.0-19.12.16, 20.12.0-20.12.16, 21.12.0-21.12.14 and 22.12.0-22.12.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in takeover of Primavera Unifier.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-36033 Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: User Interface (jsoup)). Supported versions that are affected are 18.8.0-18.8.18, 19.12.0-19.12.16, 20.12.0-20.12.16, 21.12.0-21.12.14 and 22.12.0-22.12.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Unifier, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Unifier accessible data as well as unauthorized read access to a subset of Primavera Unifier accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle E-Business Suite

This table provides the text form of the Risk Matrix for Oracle E-Business Suite.
 

CVE ID Description
CVE-2023-21959 Vulnerability in the Oracle iReceivables product of Oracle E-Business Suite (component: Attachments). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iReceivables. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle iReceivables accessible data.

CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). ( legend ) [ Advisory ]
CVE-2023-21973 Vulnerability in the Oracle iProcurement product of Oracle E-Business Suite (component: E-Content Manager Catalog). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iProcurement. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iProcurement, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iProcurement accessible data as well as unauthorized read access to a subset of Oracle iProcurement accessible data.

CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2023-21978 Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: GUI). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Object Library, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data as well as unauthorized read access to a subset of Oracle Application Object Library accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Application Object Library.

CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L). ( legend ) [ Advisory ]
CVE-2023-21997 Vulnerability in the Oracle User Management product of Oracle E-Business Suite (component: Proxy User Delegation). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle User Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle User Management accessible data.

CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Enterprise Manager

This table provides the text form of the Risk Matrix for Oracle Enterprise Manager.
 

CVE ID Description
CVE-2021-36374 Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Load Testing for Web Apps (Apache Ant)). The supported version that is affected is 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Application Testing Suite executes to compromise Oracle Application Testing Suite. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Application Testing Suite.

CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2021-40690 Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Load Testing for Web Apps (Apache Santuario XML Security For Java)). The supported version that is affected is 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Testing Suite accessible data.

CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2022-23437 Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Load Testing for Web Apps (Apache Xerces2 Java)). The supported version that is affected is 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Application Testing Suite. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Application Testing Suite.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-41966 Vulnerability in the Oracle Enterprise Manager Ops Center product of Oracle Enterprise Manager (component: Networking (XStream)). The supported version that is affected is 12.4.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Manager Ops Center.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Financial Services Applications

This table provides the text form of the Risk Matrix for Oracle Financial Services Applications.
 

CVE ID Description
CVE-2019-12415 Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Infrastructure (Apache POI)). Supported versions that are affected are 2.7, 2.8 and 2.9. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Financial Services Revenue Management and Billing executes to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Revenue Management and Billing accessible data.

CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2020-11988 Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Infrastructure (Apache XML Graphics Commons)). Supported versions that are affected are 2.7, 2.8 and 2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Revenue Management and Billing accessible data as well as unauthorized update, insert or delete access to some of Oracle Financial Services Revenue Management and Billing accessible data.

CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N). ( legend ) [ Advisory ]
CVE-2021-29425 Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Infrastructure (Apache Commons IO)). Supported versions that are affected are 2.7, 2.8, 2.9, 3.0, 3.1, 3.2 and 4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Revenue Management and Billing accessible data as well as unauthorized read access to a subset of Oracle Financial Services Revenue Management and Billing accessible data.

CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2021-36090 Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Infrastructure (Apache Commons Compress)). Supported versions that are affected are 2.7, 2.8 and 2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Revenue Management and Billing.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2021-41184 Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure (jQueryUI)). Supported versions that are affected are 8.0.7.0, 8.0.8.0, 8.0.9.0, 8.1.0.0, 8.1.1.0, 8.1.2.0, 8.1.2.1 and 8.1.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Analytical Applications Infrastructure, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2021-41184 Vulnerability in the Oracle Financial Services Analytical Applications Reconciliation Framework product of Oracle Financial Services Applications (component: Application (jQueryUI)). Supported versions that are affected are 8.0.7.1.2 and 8.1.1.1.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Reconciliation Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Analytical Applications Reconciliation Framework, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Reconciliation Framework accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Reconciliation Framework accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2021-41184 Vulnerability in the Oracle Financial Services Asset Liability Management product of Oracle Financial Services Applications (component: Application (jQueryUI)). The supported version that is affected is 8.0.7.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Asset Liability Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Asset Liability Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Asset Liability Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Asset Liability Management accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2021-41184 Vulnerability in the Oracle Financial Services Balance Computation Engine product of Oracle Financial Services Applications (component: Application (jQueryUI)). The supported version that is affected is 8.1.1.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Balance Computation Engine. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Balance Computation Engine, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Balance Computation Engine accessible data as well as unauthorized read access to a subset of Oracle Financial Services Balance Computation Engine accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2021-41184 Vulnerability in the Oracle Financial Services Balance Sheet Planning product of Oracle Financial Services Applications (component: Application (jQueryUI)). The supported version that is affected is 8.0.8.1.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Balance Sheet Planning. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Balance Sheet Planning, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Balance Sheet Planning accessible data as well as unauthorized read access to a subset of Oracle Financial Services Balance Sheet Planning accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2021-41184 Vulnerability in the Oracle Financial Services Data Governance for US Regulatory Reporting product of Oracle Financial Services Applications (component: Application (jQueryUI)). Supported versions that are affected are 8.1.2.0 and 8.1.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Data Governance for US Regulatory Reporting. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Data Governance for US Regulatory Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Data Governance for US Regulatory Reporting accessible data as well as unauthorized read access to a subset of Oracle Financial Services Data Governance for US Regulatory Reporting accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2021-41184 Vulnerability in the Oracle Financial Services Data Integration Hub product of Oracle Financial Services Applications (component: Application (jQueryUI)). Supported versions that are affected are 8.1.0.1.4, 8.1.2.2.1 and 8.0.7.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Data Integration Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Data Integration Hub, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Data Integration Hub accessible data as well as unauthorized read access to a subset of Oracle Financial Services Data Integration Hub accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2021-41184 Vulnerability in the Oracle Financial Services Deposit Insurance Calculations for Liquidity Risk Management product of Oracle Financial Services Applications (component: Application (jQueryUI)). Supported versions that are affected are 8.0.7.3.1 and 8.0.8.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Deposit Insurance Calculations for Liquidity Risk Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Deposit Insurance Calculations for Liquidity Risk Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Deposit Insurance Calculations for Liquidity Risk Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Deposit Insurance Calculations for Liquidity Risk Management accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2021-41184 Vulnerability in the Oracle Financial Services Enterprise Financial Performance Analytics product of Oracle Financial Services Applications (component: Application (jQueryUI)). The supported version that is affected is 8.0.7.8.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Enterprise Financial Performance Analytics. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Enterprise Financial Performance Analytics, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Enterprise Financial Performance Analytics accessible data as well as unauthorized read access to a subset of Oracle Financial Services Enterprise Financial Performance Analytics accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2021-41184 Vulnerability in the Oracle Financial Services Funds Transfer Pricing product of Oracle Financial Services Applications (component: Application (jQueryUI)). The supported version that is affected is 8.0.7.8.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Funds Transfer Pricing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Funds Transfer Pricing, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Funds Transfer Pricing accessible data as well as unauthorized read access to a subset of Oracle Financial Services Funds Transfer Pricing accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2021-41184 Vulnerability in the Oracle Financial Services Loan Loss Forecasting and Provisioning product of Oracle Financial Services Applications (component: Application (jQueryUI)). Supported versions that are affected are 8.0.7.8.1 and 8.0.8.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Loan Loss Forecasting and Provisioning. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Loan Loss Forecasting and Provisioning, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Loan Loss Forecasting and Provisioning accessible data as well as unauthorized read access to a subset of Oracle Financial Services Loan Loss Forecasting and Provisioning accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2021-41184 Vulnerability in the Oracle Financial Services Institutional Performance Analytics product of Oracle Financial Services Applications (component: Application (jQueryUI)). The supported version that is affected is 8.0.7.8.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Institutional Performance Analytics. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Institutional Performance Analytics, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Institutional Performance Analytics accessible data as well as unauthorized read access to a subset of Oracle Financial Services Institutional Performance Analytics accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2021-41184 Vulnerability in the Oracle Financial Services Liquidity Risk Measurement and Management product of Oracle Financial Services Applications (component: Application (jQueryUI)). Supported versions that are affected are 8.0.7.3.1 and 8.0.8.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Liquidity Risk Measurement and Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Liquidity Risk Measurement and Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Liquidity Risk Measurement and Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Liquidity Risk Measurement and Management accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2021-41184 Vulnerability in the Oracle Financial Services Profitability Management product of Oracle Financial Services Applications (component: Application (jQueryUI)). The supported version that is affected is 8.0.7.8.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Profitability Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Profitability Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Profitability Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Profitability Management accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2021-41184 Vulnerability in the Oracle Financial Services Retail Performance Analytics product of Oracle Financial Services Applications (component: Application (jQueryUI)). The supported version that is affected is 8.0.7.8.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Retail Performance Analytics. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Retail Performance Analytics, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Retail Performance Analytics accessible data as well as unauthorized read access to a subset of Oracle Financial Services Retail Performance Analytics accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2021-43859 Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Infrastructure (XStream)). Supported versions that are affected are 2.7, 2.7.1, 2.8, 2.9, 2.9, 2.9.1, 3.0, 3.1, 3.2 and 4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Revenue Management and Billing.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-2048 Vulnerability in the Oracle Banking Corporate Lending Process Management product of Oracle Financial Services Applications (component: Base (Eclipse Jetty)). Supported versions that are affected are 14.4-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Corporate Lending Process Management.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-22971 Vulnerability in the Oracle Banking Corporate Lending Process Management product of Oracle Financial Services Applications (component: Base (Spring Framework)). Supported versions that are affected are 14.4-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Corporate Lending Process Management.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-22978 Vulnerability in the Oracle Banking Corporate Lending Process Management product of Oracle Financial Services Applications (component: Base (Spring Security)). Supported versions that are affected are 14.4-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending Process Management. Successful attacks of this vulnerability can result in takeover of Oracle Banking Corporate Lending Process Management.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-22979 Vulnerability in the Oracle Banking Corporate Lending Process Management product of Oracle Financial Services Applications (component: Base (Spring Cloud Function)). Supported versions that are affected are 14.4-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending Process Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Corporate Lending Process Management.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-23437 Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Infrastructure (Apache Xerces2 Java)). Supported versions that are affected are 2.7, 2.7.1, 2.8, 2.9, 2.9.1, 3.0, 3.1, 3.2 and 4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Revenue Management and Billing.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-24839 Vulnerability in the Oracle FLEXCUBE Core Banking product of Oracle Financial Services Applications (component: Securities (NekoHTML)). Supported versions that are affected are 11.6, 11.7, 11.8, 11.10 and 11.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Core Banking. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Core Banking.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-25647 Vulnerability in the Oracle Banking APIs product of Oracle Financial Services Applications (component: IDM - Authentication (Google Gson)). Supported versions that are affected are 18.2, 18.3, 19.1, 19.2, 21.1, 22.1 and 22.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking APIs. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking APIs.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-25647 Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core (Google Gson)). Supported versions that are affected are 14.0-14.3 and 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Corporate Lending.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-25647 Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: UI General (Google Gson)). Supported versions that are affected are 18.2, 18.3, 19.1, 19.2, 21.1, 22.1 and 22.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Digital Experience. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Digital Experience.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-25647 Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Infrastructure (Google Gson)). Supported versions that are affected are 14.5, 14.6 and 14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Payments.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-25647 Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure (Google Gson)). Supported versions that are affected are 14.5, 14.6 and 14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Trade Finance.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-25647 Vulnerability in the Oracle Banking Treasury Management product of Oracle Financial Services Applications (component: Infra Code (Google Gson)). Supported versions that are affected are 14.5, 14.6 and 14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Treasury Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Treasury Management.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-25647 Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure (Google Gson)). Supported versions that are affected are 14.0-14.3 and 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Universal Banking.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-29577 Vulnerability in the Oracle Financial Services Regulatory Reporting with AgileREPORTER product of Oracle Financial Services Applications (component: Application (AntiSamy)). The supported version that is affected is 8.1.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Regulatory Reporting with AgileREPORTER. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Regulatory Reporting with AgileREPORTER, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Regulatory Reporting with AgileREPORTER accessible data as well as unauthorized read access to a subset of Oracle Financial Services Regulatory Reporting with AgileREPORTER accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2022-3171 Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core (Google Protobuf-Java)). Supported versions that are affected are 14.0-14.3 and 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Corporate Lending.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-3171 Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Infrastructure (Google Protobuf-Java)). Supported versions that are affected are 14.5, 14.6 and 14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Payments.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-3171 Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure (Google Protobuf-Java)). Supported versions that are affected are 14.5, 14.6 and 14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Trade Finance.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-3171 Vulnerability in the Oracle Banking Treasury Management product of Oracle Financial Services Applications (component: Infra Code (Google Protobuf-Java)). Supported versions that are affected are 14.5, 14.6 and 14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Treasury Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Treasury Management.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-3171 Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure (Google Protobuf-Java)). Supported versions that are affected are 14.0-14.3 and 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle FLEXCUBE Universal Banking.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-34169 Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Infrastructure (Apache Xalan-Java)). Supported versions that are affected are 2.7, 2.7.1, 2.8, 2.9, 2.9.1, 3.0, 3.1, 3.2 and 4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Revenue Management and Billing accessible data.

CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ]
CVE-2022-36033 Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: UI General (jsoup)). Supported versions that are affected are 18.2, 18.3, 19.1, 19.2, 21.1, 22.1 and 22.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Digital Experience. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Digital Experience, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Digital Experience accessible data as well as unauthorized read access to a subset of Oracle Banking Digital Experience accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2022-36033 Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure (jsoup)). Supported versions that are affected are 14.5, 14.6 and 14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Trade Finance, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Trade Finance accessible data as well as unauthorized read access to a subset of Oracle Banking Trade Finance accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2022-36033 Vulnerability in the Oracle Banking Treasury Management product of Oracle Financial Services Applications (component: Infrastructure (jsoup)). Supported versions that are affected are 14.5, 14.6 and 14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Treasury Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Treasury Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Treasury Management accessible data as well as unauthorized read access to a subset of Oracle Banking Treasury Management accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2022-36033 Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure (jsoup)). Supported versions that are affected are 14.0-14.3 and 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2022-38752 Vulnerability in the Oracle Financial Services Model Management and Governance product of Oracle Financial Services Applications (component: Application (SnakeYAML)). Supported versions that are affected are 8.1.0.0 and 8.1.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Model Management and Governance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Model Management and Governance.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-40146 Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Infrastructure (Apache Batik)). Supported versions that are affected are 2.7, 2.7.1, 2.8, 2.9, 2.9.1, 3.0, 3.1, 3.2 and 4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Revenue Management and Billing accessible data.

CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2022-41881 Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: UI General (Netty)). Supported versions that are affected are 18.2, 18.3, 19.1, 19.2, 21.1, 22.1 and 22.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Digital Experience. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Digital Experience.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42003 Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: UI General (jackson-databind)). Supported versions that are affected are 18.2, 18.3, 19.1, 19.2, 21.1, 22.1 and 22.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Digital Experience. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Digital Experience.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42003 Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure (jackson-databind)). Supported versions that are affected are 8.0.7.0, 8.0.8.0, 8.0.9.0, 8.1.0.0, 8.1.1.0, 8.1.2.0, 8.1.2.1 and 8.1.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Analytical Applications Infrastructure.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42003 Vulnerability in the Oracle Financial Services Behavior Detection Platform product of Oracle Financial Services Applications (component: Application (jackson-databind)). Supported versions that are affected are 8.0.8.1, 8.1.1.1, 8.1.2.3 and 8.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Behavior Detection Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Behavior Detection Platform.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42003 Vulnerability in the Oracle Financial Services Enterprise Case Management product of Oracle Financial Services Applications (component: Application (jackson-databind)). Supported versions that are affected are 8.1.2.4, 8.1.2.3, 8.1.1.1 and 8.0.8.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Enterprise Case Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Enterprise Case Management.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42252 Vulnerability in the Oracle Financial Services Model Management and Governance product of Oracle Financial Services Applications (component: Application (Apache Tomcat)). Supported versions that are affected are 8.1.0.0 and 8.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Model Management and Governance. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Model Management and Governance accessible data.

CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ]
CVE-2022-42889 Vulnerability in the Oracle Financial Services Compliance Studio product of Oracle Financial Services Applications (component: Application (Apache Commons Text)). The supported version that is affected is 8.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Compliance Studio. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Compliance Studio.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-42890 Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: UI General (Apache Batik)). Supported versions that are affected are 18.2, 18.3, 19.1, 19.2, 21.1, 22.1 and 22.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Digital Experience. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Digital Experience accessible data.

CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2022-42890 Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure (Apache Batik)). Supported versions that are affected are 8.0.7.0, 8.0.8.0, 8.0.9.0, 8.1.0.0, 8.1.1.0, 8.1.2.0, 8.1.2.1 and 8.1.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data.

CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2022-43680 Vulnerability in the Oracle Financial Services Currency Transaction Reporting product of Oracle Financial Services Applications (component: Application (LibExpat)). Supported versions that are affected are 8.0.8.1.0, 8.1.1.1.0, 8.1.2.3.0 and 8.1.2.4.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Currency Transaction Reporting. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Currency Transaction Reporting.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-43680 Vulnerability in the Oracle Financial Services Behavior Detection Platform product of Oracle Financial Services Applications (component: Third Party (LibExpat)). Supported versions that are affected are 8.0.8.1, 8.1.1.1, 8.1.2.3 and 8.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Behavior Detection Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Behavior Detection Platform.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-43680 Vulnerability in the Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition product of Oracle Financial Services Applications (component: Application (LibExpat)). The supported version that is affected is 8.0.8.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-46364 Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: UI General (Apache CXF)). Supported versions that are affected are 21.1, 22.1 and 22.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Digital Experience. Successful attacks of this vulnerability can result in takeover of Oracle Banking Digital Experience.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-46908 Vulnerability in the Oracle Financial Services Compliance Studio product of Oracle Financial Services Applications (component: Application (SQLite)). The supported version that is affected is 8.1.2.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Financial Services Compliance Studio executes to compromise Oracle Financial Services Compliance Studio. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Compliance Studio accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Compliance Studio accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Financial Services Compliance Studio.

CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L). ( legend ) [ Advisory ]
CVE-2023-21902 Vulnerability in the Oracle Financial Services Behavior Detection Platform product of Oracle Financial Services Applications (component: Application). The supported version that is affected is 8.0.8.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Behavior Detection Platform. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Financial Services Behavior Detection Platform accessible data.

CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). ( legend ) [ Advisory ]
CVE-2023-21903 Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: OBVAM Internal Tfr Domain). Supported versions that are affected are 14.5, 14.6 and 14.7. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Virtual Account Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Virtual Account Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Virtual Account Management.

CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L). ( legend ) [ Advisory ]
CVE-2023-21904 Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: OBVAM Trn Journal Domain). Supported versions that are affected are 14.5, 14.6 and 14.7. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Virtual Account Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Virtual Account Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Virtual Account Management.

CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L). ( legend ) [ Advisory ]
CVE-2023-21905 Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: Routing Hub). Supported versions that are affected are 14.5, 14.6 and 14.7. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Virtual Account Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Virtual Account Management accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N). ( legend ) [ Advisory ]
CVE-2023-21906 Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: SMS Module). Supported versions that are affected are 14.5, 14.6 and 14.7. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Virtual Account Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Virtual Account Management accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N). ( legend ) [ Advisory ]
CVE-2023-21907 Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: OBVAM Trn Journal Domain). Supported versions that are affected are 14.5, 14.6 and 14.7. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Virtual Account Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Virtual Account Management accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Virtual Account Management.

CVSS 3.1 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:H). ( legend ) [ Advisory ]
CVE-2023-21908 Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: OBVAM Trn Journal Domain). Supported versions that are affected are 14.5, 14.6 and 14.7. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Virtual Account Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Virtual Account Management accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Virtual Account Management.

CVSS 3.1 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:H). ( legend ) [ Advisory ]
CVE-2023-21915 Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Book/Internal Transfer). Supported versions that are affected are 14.5, 14.6 and 14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauthorized read access to a subset of Oracle Banking Payments accessible data.

CVSS 3.1 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2023-24998 Vulnerability in the Oracle Banking APIs product of Oracle Financial Services Applications (component: IDM - Authentication (Apache Commons FileUpload)). Supported versions that are affected are 18.2, 18.3, 19.1, 19.2, 21.1, 22.1 and 22.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking APIs. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking APIs.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-24998 Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: UI General (Apache Commons FileUpload)). Supported versions that are affected are 18.2, 18.3, 19.1, 19.2, 21.1, 22.1 and 22.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Digital Experience. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Digital Experience.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-25194 Vulnerability in the Oracle Banking APIs product of Oracle Financial Services Applications (component: IDM - Authentication (Apache Kafka)). Supported versions that are affected are 22.1 and 22.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking APIs. Successful attacks of this vulnerability can result in takeover of Oracle Banking APIs.

CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2023-25194 Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: UI General (Apache Kafka)). Supported versions that are affected are 22.1 and 22.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Digital Experience. Successful attacks of this vulnerability can result in takeover of Oracle Banking Digital Experience.

CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2023-25194 Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure (Apache Kafka)). Supported versions that are affected are 8.0.7.0, 8.0.8.0, 8.0.9.0, 8.1.0.0, 8.1.1.0, 8.1.2.0, 8.1.2.1 and 8.1.2.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Analytical Applications Infrastructure.

CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2023-25194 Vulnerability in the Oracle Financial Services Behavior Detection Platform product of Oracle Financial Services Applications (component: Application (Apache Kafka)). Supported versions that are affected are 8.0.8.1, 8.1.1.1, 8.1.2.3 and 8.1.2.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Behavior Detection Platform. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Behavior Detection Platform.

CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2023-25194 Vulnerability in the Oracle Financial Services Regulatory Reporting product of Oracle Financial Services Applications (component: Application (Apache Kafka)). Supported versions that are affected are 8.0.8.1, 8.1.1.1, 8.1.2.3 and 8.1.2.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Regulatory Reporting. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Regulatory Reporting.

CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2023-28708 Vulnerability in the Oracle Financial Services Crime and Compliance Management Studio product of Oracle Financial Services Applications (component: Studio (Apache Tomcat)). The supported version that is affected is 8.0.8.3.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Crime and Compliance Management Studio. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Financial Services Crime and Compliance Management Studio accessible data.

CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Fusion Middleware

This table provides the text form of the Risk Matrix for Oracle Fusion Middleware.
 

CVE ID Description
CVE-2018-14371 Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware (component: ADF Faces (Eclipse Mojarra)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle JDeveloper accessible data.

CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2019-20916 Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Third Party (Jython)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Access Manager.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2020-13954 Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Samples (Apache CXF)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2020-25638 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core (JBoss Enterprise Application Platform)). The supported version that is affected is 14.1.1.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data as well as unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data.

CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N). ( legend ) [ Advisory ]
CVE-2020-6950 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Third Party (Eclipse Mojarra)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data.

CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2021-22569 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Third Party (Google Protobuf-Java)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle WebLogic Server executes to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server.

CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2021-31684 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Third Party (json-smart)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2021-34798 Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (Apache HTTP Server)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle HTTP Server.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2021-36090 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Third Party (Apache Commons Compress)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2021-36374 Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party (Apache Ant)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Middleware Common Libraries and Tools executes to compromise Oracle Middleware Common Libraries and Tools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Middleware Common Libraries and Tools.

CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2021-37533 Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Remote Diagnostic Agent (Apache Commons Net)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Middleware Common Libraries and Tools accessible data.

CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2022-22965 Vulnerability in the Oracle Data Integrator product of Oracle Fusion Middleware (component: Third Party (Spring Framework)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Data Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Data Integrator.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-22965 Vulnerability in the Oracle Managed File Transfer product of Oracle Fusion Middleware (component: MFT Runtime Server (Spring Framework)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Managed File Transfer. Successful attacks of this vulnerability can result in takeover of Oracle Managed File Transfer.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-29599 Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party (Apache Maven)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in takeover of Oracle Middleware Common Libraries and Tools.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-31160 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console (jQueryUI)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle WebLogic Server executes to compromise Oracle WebLogic Server. While the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data.

CVSS 3.1 Base Score 3.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2022-33980 Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party (Apache Commons Configuration)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in takeover of Oracle Middleware Common Libraries and Tools.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-34305 Vulnerability in the Oracle Managed File Transfer product of Oracle Fusion Middleware (component: MFT Runtime Server (Apache Tomcat)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Managed File Transfer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Managed File Transfer, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Managed File Transfer accessible data as well as unauthorized read access to a subset of Oracle Managed File Transfer accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2022-36033 Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component: Installer (jsoup)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Process Management Suite. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Process Management Suite, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Process Management Suite accessible data as well as unauthorized read access to a subset of Oracle Business Process Management Suite accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2022-36033 Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party (jsoup)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Middleware Common Libraries and Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Middleware Common Libraries and Tools accessible data as well as unauthorized read access to a subset of Oracle Middleware Common Libraries and Tools accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2022-36033 Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework (jsoup)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Portal, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Portal accessible data as well as unauthorized read access to a subset of Oracle WebCenter Portal accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2022-37434 Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (zlib)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in takeover of Oracle HTTP Server.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-40149 Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Build Scripts (Jettison)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Access Manager.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-40151 Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework (XStream)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebCenter Portal.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-40152 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples (XStream)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-40304 Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (libxml2)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle HTTP Server executes to compromise Oracle HTTP Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle HTTP Server.

CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-41881 Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core (Netty)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Coherence. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Coherence.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-41881 Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework (Netty)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebCenter Portal.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-41966 Vulnerability in the Oracle SOA Suite product of Oracle Fusion Middleware (component: Security (XStream)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SOA Suite. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle SOA Suite.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42003 Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component: Installer (jackson-databind)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Process Management Suite. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Process Management Suite.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42003 Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core (jackson-databind)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Coherence. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Coherence.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42003 Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: Installer (jackson-databind)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Identity Manager.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42003 Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework (jackson-databind)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebCenter Portal.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42890 Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component: Installer (Apache Batik)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Process Management Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Process Management Suite accessible data.

CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2022-42890 Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party (Apache Batik)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Middleware Common Libraries and Tools accessible data.

CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2022-43551 Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (cURL)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle HTTP Server accessible data.

CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2022-45047 Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component: Installer (Apache Mina SSHD)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Process Management Suite. Successful attacks of this vulnerability can result in takeover of Oracle Business Process Management Suite.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-45685 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Third Party (Jettison)). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-45693 Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: Third Party (Jettison)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Identity Manager.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-46908 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Third Party (SQLite)). The supported version that is affected is 8.5.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Outside In Technology executes to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Outside In Technology accessible data as well as unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology.

CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L). ( legend ) [ Advisory ]
CVE-2023-21931 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data.

CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2023-21956 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2023-21960 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server.

CVSS 3.1 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L). ( legend ) [ Advisory ]
CVE-2023-21964 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-21979 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data.

CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2023-21996 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-22899 Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Third Party (Zip4j)). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Access Manager accessible data.

CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ]
CVE-2023-24998 Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party (Apache Commons FileUpload)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Middleware Common Libraries and Tools.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-24998 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console (Apache Commons FileUpload)). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-24998 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Third Party (Apache Commons FileUpload)). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Analytics

This table provides the text form of the Risk Matrix for Oracle Analytics.
 

CVE ID Description
CVE-2018-1000656 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Machine Learning (Flask)). The supported version that is affected is 6.4.0.0.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition.

CVSS 3.1 Base Score 4.8 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2019-10086 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server (Apache Commons BeanUtils)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition.

CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). ( legend ) [ Advisory ]
CVE-2019-10172 Security-in-Depth issue in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: BIInfer (Jackson-mapper-asl)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2020-28052 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web General (Bouncy Castle Java Library)). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition.

CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2021-23926 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Visual Analyzer (Apache POI)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition.

CVSS 3.1 Base Score 7.3 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H). ( legend ) [ Advisory ]
CVE-2021-27568 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: BI Application Archive (json-smart)). The supported version that is affected is 6.4.0.0.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition.

CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2021-36090 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Content Storage Service (Apache Commons Compress)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2021-4048 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Machine Learning (OpenBLAS)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition.

CVSS 3.1 Base Score 9.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H). ( legend ) [ Advisory ]
CVE-2021-40690 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server (Apache CXF)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data.

CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2022-1587 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server (PCRE2)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition.

CVSS 3.1 Base Score 9.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-31160 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Pod Admin (jQueryUI)). Supported versions that are affected are 5.9.0.0.0 and 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2022-32215 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: BI Lifecycle (Node.js)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data.

CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). ( legend ) [ Advisory ]
CVE-2022-34169 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: JAXP (Apache Xalan-J)). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition and unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data.

CVSS 3.1 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-37434 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server (zlib)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-42003 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server (jackson-databind)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42889 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: BI Application Archive (Apache Commons Text)). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2023-21910 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web General). Supported versions that are affected are 6.4.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data.

CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2023-21941 Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 6.4.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle BI Publisher accessible data.

CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). ( legend ) [ Advisory ]
CVE-2023-21952 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data.

CVSS 3.1 Base Score 5.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2023-21965 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data.

CVSS 3.1 Base Score 5.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2023-21970 Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Security). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data.

CVSS 3.1 Base Score 5.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Health Sciences Applications

This table provides the text form of the Risk Matrix for Oracle Health Sciences Applications.
 

CVE ID Description
CVE-2019-18935 Vulnerability in the Oracle Argus Insight product of Oracle Health Sciences Applications (component: Core (Telerik UI for ASP.NET AJAX)). Supported versions that are affected are Prior to 8.2.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Argus Insight. Successful attacks of this vulnerability can result in takeover of Oracle Argus Insight.

CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2019-18935 Vulnerability in the Oracle Argus Safety product of Oracle Health Sciences Applications (component: Core (Telerik UI for ASP.NET AJAX)). Supported versions that are affected are Prior to 8.2.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Argus Safety. Successful attacks of this vulnerability can result in takeover of Oracle Argus Safety.

CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2021-41184 Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications (component: Core (jQueryUI)). Supported versions that are affected are Prior to 6.3.1.3 and Prior to 7.0.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Health Sciences InForm. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Health Sciences InForm, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Health Sciences InForm accessible data as well as unauthorized read access to a subset of Oracle Health Sciences InForm accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2023-21921 Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications (component: Core). Supported versions that are affected are Prior to 6.3.1.3 and Prior to 7.0.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Health Sciences InForm. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Health Sciences InForm accessible data as well as unauthorized read access to a subset of Oracle Health Sciences InForm accessible data.

CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2023-21922 Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications (component: Core). Supported versions that are affected are Prior to 6.3.1.3 and Prior to 7.0.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Health Sciences InForm. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Health Sciences InForm accessible data as well as unauthorized access to critical data or complete access to all Oracle Health Sciences InForm accessible data.

CVSS 3.1 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N). ( legend ) [ Advisory ]
CVE-2023-21923 Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications (component: Core). Supported versions that are affected are Prior to 6.3.1.3 and Prior to 7.0.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Health Sciences InForm. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Health Sciences InForm accessible data as well as unauthorized access to critical data or complete access to all Oracle Health Sciences InForm accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Health Sciences InForm.

CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L). ( legend ) [ Advisory ]
CVE-2023-21924 Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications (component: Core). Supported versions that are affected are Prior to 6.3.1.3 and Prior to 7.0.0.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Health Sciences InForm. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Health Sciences InForm, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Health Sciences InForm accessible data as well as unauthorized read access to a subset of Oracle Health Sciences InForm accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Health Sciences InForm.

CVSS 3.1 Base Score 5.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L). ( legend ) [ Advisory ]
CVE-2023-21925 Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications (component: Core). Supported versions that are affected are Prior to 6.3.1.3 and Prior to 7.0.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Health Sciences InForm. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Health Sciences InForm.

CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). ( legend ) [ Advisory ]
CVE-2023-21926 Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications (component: Core). Supported versions that are affected are Prior to 6.3.1.3 and Prior to 7.0.0.1. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Health Sciences InForm executes to compromise Oracle Health Sciences InForm. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Health Sciences InForm accessible data.

CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2023-21993 Vulnerability in the Oracle Clinical Remote Data Capture product of Oracle Health Sciences Applications (component: Forms). The supported version that is affected is 5.4.0.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Clinical Remote Data Capture. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Clinical Remote Data Capture accessible data.

CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle HealthCare Applications

This table provides the text form of the Risk Matrix for Oracle HealthCare Applications.
 

CVE ID Description
CVE-2022-1471 Vulnerability in the Oracle Healthcare Translational Research product of Oracle HealthCare Applications (component: DataStudio (SnakeYAML)). Supported versions that are affected are 4.1.0 and 4.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Healthcare Translational Research. Successful attacks of this vulnerability can result in takeover of Oracle Healthcare Translational Research.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-3171 Vulnerability in the Oracle Healthcare Translational Research product of Oracle HealthCare Applications (component: DataStudio (Google Protobuf-Java)). Supported versions that are affected are 4.1.0 and 4.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Healthcare Translational Research. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Healthcare Translational Research.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-3479 Vulnerability in the Oracle Healthcare Translational Research product of Oracle HealthCare Applications (component: DataStudio (NSS)). Supported versions that are affected are 4.1.0 and 4.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Healthcare Translational Research. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Healthcare Translational Research.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42003 Vulnerability in the Oracle Healthcare Translational Research product of Oracle HealthCare Applications (component: User Interface (jackson-databind)). Supported versions that are affected are 4.1.0 and 4.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Healthcare Translational Research. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Healthcare Translational Research.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42889 Vulnerability in the Oracle Healthcare Foundation product of Oracle HealthCare Applications (component: Self Service Analytics (Apache Commons Text)). Supported versions that are affected are 8.1.0, 8.1.1, 8.2.0, 8.2.1 and 8.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Healthcare Foundation. Successful attacks of this vulnerability can result in takeover of Oracle Healthcare Foundation.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-42889 Vulnerability in the Oracle Healthcare Master Person Index product of Oracle HealthCare Applications (component: Self Service Analytics (Apache Commons Text)). Supported versions that are affected are 5.0.0-5.0.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Healthcare Master Person Index. Successful attacks of this vulnerability can result in takeover of Oracle Healthcare Master Person Index.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-42898 Vulnerability in the Oracle Healthcare Translational Research product of Oracle HealthCare Applications (component: DataStudio (Kerberos)). Supported versions that are affected are 4.1.0 and 4.1.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Healthcare Translational Research. Successful attacks of this vulnerability can result in takeover of Oracle Healthcare Translational Research.

CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-46908 Vulnerability in the Oracle Healthcare Translational Research product of Oracle HealthCare Applications (component: DataStudio (SQLite)). Supported versions that are affected are 4.1.0 and 4.1.1. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Healthcare Translational Research executes to compromise Oracle Healthcare Translational Research. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Healthcare Translational Research accessible data as well as unauthorized access to critical data or complete access to all Oracle Healthcare Translational Research accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Healthcare Translational Research.

CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L). ( legend ) [ Advisory ]
CVE-2023-23914 Vulnerability in the Oracle Healthcare Translational Research product of Oracle HealthCare Applications (component: DataStudio (cURL)). Supported versions that are affected are 4.1.0 and 4.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Healthcare Translational Research. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Healthcare Translational Research accessible data as well as unauthorized access to critical data or complete access to all Oracle Healthcare Translational Research accessible data.

CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). ( legend ) [ Advisory ]
CVE-2023-25136 Vulnerability in the Oracle Healthcare Translational Research product of Oracle HealthCare Applications (component: DataStudio (OpenSSH)). Supported versions that are affected are 4.1.0 and 4.1.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Healthcare Translational Research. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Healthcare Translational Research as well as unauthorized update, insert or delete access to some of Oracle Healthcare Translational Research accessible data.

CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Hospitality Applications

This table provides the text form of the Risk Matrix for Oracle Hospitality Applications.
 

CVE ID Description
CVE-2023-21932 Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: OXI). The supported version that is affected is 5.6. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. While the vulnerability is in Oracle Hospitality OPERA 5 Property Services, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 Property Services accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 Property Services accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality OPERA 5 Property Services.

CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Hyperion

This table provides the text form of the Risk Matrix for Oracle Hyperion.
 

CVE ID Description
CVE-2021-36374 Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component: Installation and Configuration (Apache Ant)). The supported version that is affected is 11.2.12. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hyperion Infrastructure Technology executes to compromise Oracle Hyperion Infrastructure Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hyperion Infrastructure Technology.

CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-27404 Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Installation (FreeType)). The supported version that is affected is 11.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Hyperion Financial Reporting. Successful attacks of this vulnerability can result in takeover of Oracle Hyperion Financial Reporting.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle iLearning

This table provides the text form of the Risk Matrix for Oracle iLearning.
 

CVE ID Description
CVE-2020-17521 Vulnerability in Oracle iLearning (component: Installation (Apache Groovy)). The supported version that is affected is 6.3.1. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle iLearning executes to compromise Oracle iLearning. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iLearning accessible data.

CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2021-2351 Vulnerability in Oracle iLearning (component: Installation (JDBC)). The supported version that is affected is 6.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Oracle iLearning. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iLearning, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle iLearning.

CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-23437 Vulnerability in Oracle iLearning (component: Installation (Apache Xerces2 Java)). The supported version that is affected is 6.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iLearning. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle iLearning.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Insurance Applications

This table provides the text form of the Risk Matrix for Oracle Insurance Applications.
 

CVE ID Description
CVE-2019-10086 Vulnerability in the Oracle Insurance Policy Administration Operational Data Store for Life and Annuity product of Oracle Insurance Applications (component: Logger (Apache Commons BeanUtils)). The supported version that is affected is 1.0.1.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Insurance Policy Administration Operational Data Store for Life and Annuity. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Insurance Policy Administration Operational Data Store for Life and Annuity accessible data as well as unauthorized read access to a subset of Oracle Insurance Policy Administration Operational Data Store for Life and Annuity accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Insurance Policy Administration Operational Data Store for Life and Annuity.

CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). ( legend ) [ Advisory ]
CVE-2020-11987 Vulnerability in the Oracle Insurance Policy Administration Operational Data Store for Life and Annuity product of Oracle Insurance Applications (component: Logger (Apache Batik)). The supported version that is affected is 1.0.1.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Insurance Policy Administration Operational Data Store for Life and Annuity. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Insurance Policy Administration Operational Data Store for Life and Annuity accessible data as well as unauthorized update, insert or delete access to some of Oracle Insurance Policy Administration Operational Data Store for Life and Annuity accessible data.

CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N). ( legend ) [ Advisory ]
CVE-2020-25649 Vulnerability in the Oracle Insurance Policy Administration Operational Data Store for Life and Annuity product of Oracle Insurance Applications (component: Logger (jackson-databind)). The supported version that is affected is 1.0.1.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Insurance Policy Administration Operational Data Store for Life and Annuity. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Insurance Policy Administration Operational Data Store for Life and Annuity accessible data.

CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ]
CVE-2020-35168 Vulnerability in the Oracle Documaker product of Oracle Insurance Applications (component: Development Tools (Dell BSAFE Micro Edition Suite)). Supported versions that are affected are 12.6.0.0.0, 12.6.2.0.0-12.6.4.0.0, 12.7.0.0.0 and 12.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Documaker. Successful attacks of this vulnerability can result in takeover of Oracle Documaker.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2021-35043 Vulnerability in the Oracle Insurance Policy Administration Operational Data Store for Life and Annuity product of Oracle Insurance Applications (component: Logger (AntiSamy)). The supported version that is affected is 1.0.1.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Insurance Policy Administration Operational Data Store for Life and Annuity. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Insurance Policy Administration Operational Data Store for Life and Annuity, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Insurance Policy Administration Operational Data Store for Life and Annuity accessible data as well as unauthorized read access to a subset of Oracle Insurance Policy Administration Operational Data Store for Life and Annuity accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2022-22965 Vulnerability in the Oracle Insurance Policy Administration Operational Data Store for Life and Annuity product of Oracle Insurance Applications (component: Logger (Spring Framework)). The supported version that is affected is 1.0.1.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Insurance Policy Administration Operational Data Store for Life and Annuity. Successful attacks of this vulnerability can result in takeover of Oracle Insurance Policy Administration Operational Data Store for Life and Annuity.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-27404 Vulnerability in the Oracle Documaker product of Oracle Insurance Applications (component: Development Tools (FreeType)). Supported versions that are affected are 12.6.0.0.0, 12.6.2.0.0-12.6.4.0.0, 12.7.0.0.0 and 12.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Documaker. Successful attacks of this vulnerability can result in takeover of Oracle Documaker.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-42003 Vulnerability in the Oracle Documaker product of Oracle Insurance Applications (component: Development Tools (jackson-databind)). Supported versions that are affected are 12.6.0.0.0, 12.6.2.0.0-12.6.4.0.0, 12.7.0.0.0 and 12.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Documaker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Documaker.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-24998 Vulnerability in the Oracle Documaker product of Oracle Insurance Applications (component: Development Tools (Apache Commons FileUpload)). Supported versions that are affected are 12.6.0.0.0, 12.6.2.0.0-12.6.4.0.0, 12.7.0.0.0 and 12.7.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Documaker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Documaker.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Java SE

This table provides the text form of the Risk Matrix for Oracle Java SE.
 

CVE ID Description
CVE-2023-21930 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.

Note : This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs.

CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N). ( legend ) [ Advisory ]
CVE-2023-21937 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.

Note : This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs.

CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). ( legend ) [ Advisory ]
CVE-2023-21938 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.

Note : This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).

CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). ( legend ) [ Advisory ]
CVE-2023-21939 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.

Note : This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs.

CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). ( legend ) [ Advisory ]
CVE-2023-21954 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.

Note : This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs.

CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2023-21967 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.

Note : This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs.

CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-21968 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.

Note : This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs.

CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). ( legend ) [ Advisory ]
CVE-2023-21986 Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Native Image). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle GraalVM Enterprise Edition executes to compromise Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GraalVM Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GraalVM Enterprise Edition.

CVSS 3.1 Base Score 5.7 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L). ( legend ) [ Advisory ]
CVE-2023-23918 Security-in-Depth issue in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Node (Node.js)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]

Text Form of Risk Matrix for Oracle JD Edwards

This table provides the text form of the Risk Matrix for Oracle JD Edwards.
 

CVE ID Description
CVE-2018-1311 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure (Apache Xerces-C++)). Supported versions that are affected are Prior to 9.2.7.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via JDENET to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools.

CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2020-15250 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Business Logic Infra SEC (jUnit)). Supported versions that are affected are Prior to 9.2.7.3. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where JD Edwards EnterpriseOne Tools executes to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Tools accessible data.

CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2020-8908 Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security (Google Guava)). Supported versions that are affected are Prior to 9.2.7.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where JD Edwards EnterpriseOne Orchestrator executes to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data.

CVSS 3.1 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). ( legend ) [ Advisory ]
CVE-2021-30129 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Interoperability SEC (Apache Mina SSHD)). Supported versions that are affected are Prior to 9.2.7.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2021-36373 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Deployment SEC (Apache Ant)). Supported versions that are affected are Prior to 9.2.7.3. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where JD Edwards EnterpriseOne Tools executes to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools.

CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2021-41973 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Interoperability SEC (Apache Mina)). Supported versions that are affected are Prior to 9.2.7.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-21824 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: E1 Dev Platform Tech - Cloud Manager (Node.js)). Supported versions that are affected are Prior to 9.2.7.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools as well as unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data.

CVSS 3.1 Base Score 8.2 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H). ( legend ) [ Advisory ]
CVE-2022-2274 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure SEC (OpenSSL)). Supported versions that are affected are Prior to 9.2.7.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via JDENET to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-2274 Vulnerability in the JD Edwards World Security product of Oracle JD Edwards (component: World Software Security (OpenSSL)). The supported version that is affected is A9.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards World Security. Successful attacks of this vulnerability can result in takeover of JD Edwards World Security.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-25857 Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security (jruby)). Supported versions that are affected are Prior to 9.2.7.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Orchestrator.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-28738 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: E1 Dev Platform Tech - Cloud Manager (Ruby)). Supported versions that are affected are Prior to 9.2.7.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-42003 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC (jackson-databind)). Supported versions that are affected are Prior to 9.2.7.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-21927 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Interoperability SEC). Supported versions that are affected are Prior to 9.2.7.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data.

CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). ( legend ) [ Advisory ]
CVE-2023-21936 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.7.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data.

CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle MySQL

This table provides the text form of the Risk Matrix for Oracle MySQL.
 

CVE ID Description
CVE-2022-31160 Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: Server (jQueryUI)). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Enterprise Monitor, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Enterprise Monitor accessible data as well as unauthorized read access to a subset of MySQL Enterprise Monitor accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2022-37434 Security-in-Depth issue in the MySQL Cluster product of Oracle MySQL (component: Cluster: General (zlib)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2022-37434 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB (zlib)). Supported versions that are affected are 5.7.41 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-43548 Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: JS module (Node.js)). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in takeover of MySQL Cluster.

CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-43551 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (cURL)). Supported versions that are affected are 5.7.41 and prior and 8.0.32 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data.

CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2022-45143 Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (Apache Tomcat)). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Enterprise Monitor accessible data.

CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ]
CVE-2023-0215 Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/C++ (OpenSSL)). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-0215 Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC (OpenSSL)). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-0215 Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (OpenSSL)). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Enterprise Monitor.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-0215 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (OpenSSL)). Supported versions that are affected are 5.7.41 and prior and 8.0.32 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-0215 Vulnerability in the MySQL Workbench product of Oracle MySQL (component: Workbench (OpenSSL)). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via MySQL Workbench to compromise MySQL Workbench. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Workbench.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-21911 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-21912 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.41 and prior and 8.0.30 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-21913 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-21917 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-21919 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-21920 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-21929 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data.

CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). ( legend ) [ Advisory ]
CVE-2023-21933 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-21935 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-21940 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-21945 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-21946 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-21947 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-21953 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-21955 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-21962 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-21963 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 5.7.40 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server.

CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L). ( legend ) [ Advisory ]
CVE-2023-21966 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-21971 Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors as well as unauthorized update, insert or delete access to some of MySQL Connectors accessible data and unauthorized read access to a subset of MySQL Connectors accessible data.

CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H). ( legend ) [ Advisory ]
CVE-2023-21972 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-21976 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-21977 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-21980 Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.7.41 and prior and 8.0.32 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server.

CVSS 3.1 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2023-21982 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle PeopleSoft

This table provides the text form of the Risk Matrix for Oracle PeopleSoft.
 

CVE ID Description
CVE-2020-14343 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Porting (PyYAML)). Supported versions that are affected are 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2021-37533 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Integration Broker (Apache Commons Net)). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data.

CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2022-34169 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Integration Broker (Apache Xalan-Java)). The supported version that is affected is 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise PeopleTools accessible data.

CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ]
CVE-2022-36033 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search (jsoup)). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2022-41881 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search (Netty)). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-45047 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Webserver (Apache Mina SSHD)). The supported version that is affected is 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-45685 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security (Jettison)). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-21916 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Web Server). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data.

CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). ( legend ) [ Advisory ]
CVE-2023-21981 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data.

CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2023-21992 Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft (component: Administer Workforce). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Human Resources. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM Human Resources accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise HCM Human Resources accessible data.

CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Retail Applications

This table provides the text form of the Risk Matrix for Oracle Retail Applications.
 

CVE ID Description
CVE-2020-35168 Vulnerability in the Oracle Retail Predictive Application Server product of Oracle Retail Applications (component: RPAS Server (Dell BSAFE Micro Edition Suite)). Supported versions that are affected are 15.0.3 and 16.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Predictive Application Server. Successful attacks of this vulnerability can result in takeover of Oracle Retail Predictive Application Server.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2021-44832 Vulnerability in the Oracle Retail Invoice Matching product of Oracle Retail Applications (component: Security (Apache Log4j)). Supported versions that are affected are 15.0.3 and 16.0.3. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Retail Invoice Matching. Successful attacks of this vulnerability can result in takeover of Oracle Retail Invoice Matching.

CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2021-44832 Vulnerability in the Oracle Retail Price Management product of Oracle Retail Applications (component: Security (Apache Log4j)). Supported versions that are affected are 14.1.3.2, 15.0.3.1 and 16.0.3. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Retail Price Management. Successful attacks of this vulnerability can result in takeover of Oracle Retail Price Management.

CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-22971 Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations (Spring Framework)). Supported versions that are affected are 18.0.0.12 and 19.0.0.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Customer Management and Segmentation Foundation.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-22971 Vulnerability in the Oracle Retail Fiscal Management product of Oracle Retail Applications (component: Security (Spring Framework)). The supported version that is affected is 14.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Fiscal Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Fiscal Management.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-22971 Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Xenvironment (Spring Framework)). Supported versions that are affected are 17.0.6, 18.0.5, 19.0.4, 20.0.3 and 21.0.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Xstore Point of Service.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-23181 Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Xenvironment (Apache Tomcat)). Supported versions that are affected are 17.0.6, 18.0.5, 19.0.4, 20.0.3 and 21.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Retail Xstore Point of Service executes to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in takeover of Oracle Retail Xstore Point of Service.

CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-23437 Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Xenvironment (Apache Xerces2 Java)). The supported version that is affected is 17.0.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Xstore Point of Service.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-3171 Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations (Google Protobuf-Java)). Supported versions that are affected are 18.0.0.12 and 19.0.0.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Customer Management and Segmentation Foundation.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-33980 Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Xenvironment (Apache Commons Configuration)). Supported versions that are affected are 18.0.5, 19.0.4, 20.0.3 and 21.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in takeover of Oracle Retail Xstore Point of Service.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-36033 Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations (jsoup)). Supported versions that are affected are 18.0.0.12 and 19.0.0.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Customer Management and Segmentation Foundation, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2022-37434 Vulnerability in the Oracle Retail Predictive Application Server product of Oracle Retail Applications (component: RPAS Server (zlib)). Supported versions that are affected are 15.0.3 and 16.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Predictive Application Server. Successful attacks of this vulnerability can result in takeover of Oracle Retail Predictive Application Server.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-41966 Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Xenvironment (XStream)). Supported versions that are affected are 17.0.6, 18.0.5, 19.0.4, 20.0.3 and 21.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Xstore Point of Service.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42003 Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations (jackson-databind)). Supported versions that are affected are 18.0.0.12 and 19.0.0.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Customer Management and Segmentation Foundation.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42003 Vulnerability in the Oracle Retail Merchandising System product of Oracle Retail Applications (component: Foundation (jackson-databind)). The supported version that is affected is 15.0.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Merchandising System. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Merchandising System.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42003 Vulnerability in the Oracle Retail Sales Audit product of Oracle Retail Applications (component: others (jackson-databind)). The supported version that is affected is 15.0.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Sales Audit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Sales Audit.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42003 Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Xenvironment (jackson-databind)). Supported versions that are affected are 17.0.6, 18.0.5, 19.0.4, 20.0.3 and 21.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Xstore Point of Service.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42889 Vulnerability in the Oracle Retail Merchandising System product of Oracle Retail Applications (component: Security (Apache Commons Text)). Supported versions that are affected are 16.0.2 and 16.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Merchandising System. Successful attacks of this vulnerability can result in takeover of Oracle Retail Merchandising System.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-42889 Vulnerability in the Oracle Retail Xstore Office Cloud Service product of Oracle Retail Applications (component: DB, Perf, etc (Apache Commons Text)). Supported versions that are affected are 18.0.5, 19.0.4, 20.0.3 and 21.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Office Cloud Service. Successful attacks of this vulnerability can result in takeover of Oracle Retail Xstore Office Cloud Service.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-42889 Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Point of Sale (Apache Commons Text)). Supported versions that are affected are 18.0.5, 19.0.4, 20.0.3 and 21.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in takeover of Oracle Retail Xstore Point of Service.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-42889 Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Xenvironment (Apache Commons Text)). Supported versions that are affected are 18.0.5, 19.0.4, 20.0.3 and 21.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in takeover of Oracle Retail Xstore Point of Service.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-45047 Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations (Apache Mina SSHD)). The supported version that is affected is 19.0.0.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in takeover of Oracle Retail Customer Management and Segmentation Foundation.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Siebel CRM

This table provides the text form of the Risk Matrix for Oracle Siebel CRM.
 

CVE ID Description
CVE-2020-7712 Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: Loging (Apache ZooKeeper)). Supported versions that are affected are 22.5 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Siebel CRM. Successful attacks of this vulnerability can result in takeover of Siebel CRM.

CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2021-3712 Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: Siebel Core - Server Infrastructure (OpenSSL)). Supported versions that are affected are 22.10 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Siebel CRM. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Siebel CRM accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM.

CVSS 3.1 Base Score 7.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H). ( legend ) [ Advisory ]
CVE-2021-37695 Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: Open UI (CKEditor)). Supported versions that are affected are 21.10 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel CRM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel CRM, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Siebel CRM accessible data as well as unauthorized read access to a subset of Siebel CRM accessible data.

CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2022-42003 Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: EAI (jackson-databind)). Supported versions that are affected are 23.2 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel CRM.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42252 Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: Services (Apache Tomcat)). Supported versions that are affected are 23.2 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Siebel CRM accessible data.

CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ]
CVE-2023-21909 Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: UI Framework). Supported versions that are affected are 23.3 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel CRM. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Siebel CRM accessible data.

CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Supply Chain

This table provides the text form of the Risk Matrix for Oracle Supply Chain.
 

CVE ID Description
CVE-2022-42003 Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Security (jackson-databind)). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Agile PLM.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-45143 Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Security (Apache Tomcat)). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Agile PLM accessible data.

CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Systems

This table provides the text form of the Risk Matrix for Oracle Systems.
 

CVE ID Description
CVE-2023-21896 Vulnerability in the Oracle Solaris product of Oracle Systems (component: NSSwitch). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in takeover of Oracle Solaris.

CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2023-21928 Vulnerability in the Oracle Solaris product of Oracle Systems (component: IPS repository daemon). The supported version that is affected is 11. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data.

CVSS 3.1 Base Score 1.8 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N). ( legend ) [ Advisory ]
CVE-2023-21948 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Core). The supported version that is affected is 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in takeover of Oracle Solaris.

CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2023-21984 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Libraries). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-21985 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Solaris.

CVSS 3.1 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2023-22003 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data.

CVSS 3.1 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Utilities Applications

This table provides the text form of the Risk Matrix for Oracle Utilities Applications.
 

CVE ID Description
CVE-2020-11987 Security-in-Depth issue in the Oracle Utilities Network Management System product of Oracle Utilities Applications (component: System Wide (Apache Batik)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2020-13936 Vulnerability in the Oracle Utilities Application Framework product of Oracle Utilities Applications (component: General (Apache Velocity Engine)). Supported versions that are affected are 4.2.0.3.0, 4.3.0.1.0-4.3.0.6.0, 4.4.0.0.0 and 4.4.0.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Utilities Application Framework. Successful attacks of this vulnerability can result in takeover of Oracle Utilities Application Framework.

CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2021-41184 Vulnerability in the Oracle Utilities Network Management System product of Oracle Utilities Applications (component: User Interface (jQueryUI)). Supported versions that are affected are 2.3.0.2, 2.4.0.1, 2.5.0.0 and 2.5.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Network Management System. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Utilities Network Management System, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Utilities Network Management System accessible data as well as unauthorized read access to a subset of Oracle Utilities Network Management System accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2022-23305 Vulnerability in the Oracle Utilities Application Framework product of Oracle Utilities Applications (component: General (Apache Log4j)). The supported version that is affected is 4.2.0.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Application Framework. Successful attacks of this vulnerability can result in takeover of Oracle Utilities Application Framework.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-33980 Security-in-Depth issue in the Oracle Utilities Network Management System product of Oracle Utilities Applications (component: System Wide (Apache Commons Configuration)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2022-41966 Vulnerability in the Oracle Utilities Application Framework product of Oracle Utilities Applications (component: General (XStream)). Supported versions that are affected are 4.2.0.3.0, 4.3.0.1.0-4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0 and 4.5.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Application Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Utilities Application Framework.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Virtualization

This table provides the text form of the Risk Matrix for Oracle Virtualization.
 

CVE ID Description
CVE-2022-42916 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core (cURL)). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data.

CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2023-21987 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox.

CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2023-21988 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data.

CVSS 3.1 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N). ( legend ) [ Advisory ]
CVE-2023-21989 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data.

CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2023-21990 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox.

CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2023-21991 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data.

CVSS 3.1 Base Score 3.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N). ( legend ) [ Advisory ]
CVE-2023-21998 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data.

Note : This vulnerability applies to Windows VMs only.

CVSS 3.1 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2023-21999 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data.

CVSS 3.1 Base Score 3.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2023-22000 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data.

CVSS 3.1 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2023-22001 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data.

CVSS 3.1 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2023-22002 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data.

CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). ( legend ) [ Advisory ]