Text Form of Oracle Critical Patch Update - January 2023 Risk Matrices

 

This document provides the text form of the CPUJan2023 Advisory Risk Matrices. Please note that the CVE IDs in this document correspond to the same CVE IDs in the CPUJan2023 Advisory

This page contains the following text format Risk Matrices:

Text Form of Risk Matrix for Oracle Database Server

This table provides the text form of the Risk Matrix for Oracle Database Server.
 

CVE ID Description
CVE-2018-25032 Vulnerability in the Oracle Database (zlib) component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Authenticated User privilege with network access via Oracle Net to compromise Oracle Database (zlib). Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database (zlib).

CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). ( legend ) [ Advisory ]
CVE-2020-10735 Vulnerability in the Oracle Database (Python) component of Oracle Database Server. The supported version that is affected is 21c. Easily exploitable vulnerability allows low privileged attacker having Authenticated User privilege with network access via multiple protocols to compromise Oracle Database (Python). Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database (Python).

CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). ( legend ) [ Advisory ]
CVE-2020-10878 Security-in-Depth issue in the Perl component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2021-3737 Vulnerability in the Oracle Database - Machine Learning for Python (Python) component of Oracle Database Server. The supported version that is affected is 21c. Easily exploitable vulnerability allows low privileged attacker having Database User privilege with network access via Oracle Net to compromise Oracle Database - Machine Learning for Python (Python). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Database - Machine Learning for Python (Python).

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2021-37750 Security-in-Depth issue in the Oracle Database (MIT Kerberos KDC) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2022-1122 Security-in-Depth issue in the Spatial and Graph (OpenJPEG) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2022-21597 Security-in-Depth issue in the GraalVM Multilingual Engine component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2022-3171 Security-in-Depth issue in the Spatial and Graph Mapviewer (Google Protobuf-Java) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2022-39429 Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java VM.

CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). ( legend ) [ Advisory ]
CVE-2022-42003 Vulnerability in the Oracle Database Fleet Patching (jackson-databind) component of Oracle Database Server. The supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Authenticated User privilege with network access via HTTP to compromise Oracle Database Fleet Patching (jackson-databind). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Database Fleet Patching (jackson-databind).

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42889 Security-in-Depth issue in the Oracle Database SQLcl (Apache Commons Text) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2022-45047 Security-in-Depth issue in the Oracle Database Portable Clusterware (Apache Mina SSHD) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2022-45047 Security-in-Depth issue in the Oracle SQLcl (Apache Mina SSHD) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2023-21827 Vulnerability in the Oracle Database Data Redaction component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database Data Redaction. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Database Data Redaction accessible data.

CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). ( legend ) [ Advisory ]
CVE-2023-21829 Vulnerability in the Oracle Database RDBMS Security component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database RDBMS Security. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Database RDBMS Security accessible data as well as unauthorized read access to a subset of Oracle Database RDBMS Security accessible data.

CVSS 3.1 Base Score 6.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N). ( legend ) [ Advisory ]
CVE-2023-21893 Vulnerability in the Oracle Data Provider for .NET component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TCPS to compromise Oracle Data Provider for .NET. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Data Provider for .NET.

Note : Applies also to Database client-only on Windows platform.

CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Big Data Graph

This table provides the text form of the Risk Matrix for Oracle Big Data Graph.
 

CVE ID Description
CVE-2022-38752 Security-in-Depth issue in the Big Data Spatial and Graph product of Oracle Big Data Graph (component: Big Data Graph (SnakeYAML)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2022-42252 Security-in-Depth issue in the Big Data Spatial and Graph product of Oracle Big Data Graph (component: Big Data Graph (Apache Tomcat)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]

Text Form of Risk Matrix for Oracle Essbase

This table provides the text form of the Risk Matrix for Oracle Essbase.
 

CVE ID Description
CVE-2022-2274 Vulnerability in Oracle Essbase (component: Essbase Web Platform (OpenSSL)). The supported version that is affected is 21.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Essbase. Successful attacks of this vulnerability can result in takeover of Oracle Essbase.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-31129 Security-in-Depth issue in Oracle Essbase (component: Essbase Web Platform (Moment)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2022-42915 Vulnerability in Oracle Essbase (component: Infrastructure (cURL)). The supported version that is affected is 21.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Essbase. Successful attacks of this vulnerability can result in takeover of Oracle Essbase.

CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Global Lifecycle Management

This table provides the text form of the Risk Matrix for Oracle Global Lifecycle Management.
 

CVE ID Description
CVE-2022-42004 Security-in-Depth issue in the Oracle Global Lifecycle Management OPatchAuto product of Oracle Global Lifecycle Management (component: Database extensions (jackson-databind)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2022-45047 Security-in-Depth issue in the Oracle Global Lifecycle Management OPatchAuto product of Oracle Global Lifecycle Management (component: Database extensions (Apache Mina SSHD)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]

Text Form of Risk Matrix for Oracle GoldenGate

This table provides the text form of the Risk Matrix for Oracle GoldenGate.
 

CVE ID Description
CVE-2020-13920 Security-in-Depth issue in the GoldenGate Stream Analytics product of Oracle GoldenGate (component: Stream Analytics (Apache ActiveMQ)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2020-13956 Vulnerability in the Oracle Stream Analytics product of Oracle GoldenGate (component: Stream Analytics (Apache HttpClient)). Supported versions that are affected are Prior to 19.1.0.0.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Stream Analytics. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Stream Analytics accessible data.

CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). ( legend ) [ Advisory ]
CVE-2020-36518 Vulnerability in the GoldenGate Stream Analytics product of Oracle GoldenGate (component: GoldenGate Stream Analytics (jackson-databind)). Supported versions that are affected are Prior to 19.1.0.0.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise GoldenGate Stream Analytics. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of GoldenGate Stream Analytics.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-2048 Security-in-Depth issue in the GoldenGate Stream Analytics product of Oracle GoldenGate (component: GoldenGate Stream Analytics (Eclipse Jetty)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2022-22950 Security-in-Depth issue in the Management Pack for Oracle GoldenGate product of Oracle GoldenGate (component: Monitor (Spring Framework)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2022-22971 Security-in-Depth issue in the GoldenGate Veridata product of Oracle GoldenGate (component: GoldenGate Veridata (Spring Framework)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2022-25647 Vulnerability in the GoldenGate Stream Analytics product of Oracle GoldenGate (component: GoldenGate Stream Analytics (Google Gson)). Supported versions that are affected are Prior to 19.1.0.0.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise GoldenGate Stream Analytics. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of GoldenGate Stream Analytics.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Graph Server and Client

This table provides the text form of the Risk Matrix for Oracle Graph Server and Client.
 

CVE ID Description
CVE-2022-31129 Security-in-Depth issue in Oracle Graph Server and Client (component: PGX Java Client (Moment.js)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2022-3171 Security-in-Depth issue in Oracle Graph Server and Client (component: Packaging/install (Google Protobuf-Java)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2022-33980 Security-in-Depth issue in Oracle Graph Server and Client (component: Oracle Graph Server (Apache Commons Configuration)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2022-38752 Security-in-Depth issue in Oracle Graph Server and Client (component: Packaging/install (SnakeYAML)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2022-42252 Security-in-Depth issue in Oracle Graph Server and Client (component: Packaging/install (Apache Tomcat)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]

Text Form of Risk Matrix for Oracle Spatial Studio

This table provides the text form of the Risk Matrix for Oracle Spatial Studio.
 

CVE ID Description
CVE-2022-3171 Security-in-Depth issue in Oracle Spatial Studio (component: Oracle Spatial Studio (Google Protobuf-Java)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2022-42003 Security-in-Depth issue in Oracle Spatial Studio (component: Oracle Spatial Studio (jackson-databind)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]

Text Form of Risk Matrix for Oracle TimesTen In-Memory Database

This table provides the text form of the Risk Matrix for Oracle TimesTen In-Memory Database.
 

CVE ID Description
CVE-2022-37434 Vulnerability in Oracle TimesTen In-Memory Database (component: In-Memory Database (zlib)). Supported versions that are affected are Prior to 11.2.2.8.65. Easily exploitable vulnerability allows low privileged attacker with network access via Oracle Net to compromise Oracle TimesTen In-Memory Database. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle TimesTen In-Memory Database.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Commerce

This table provides the text form of the Risk Matrix for Oracle Commerce.
 

CVE ID Description
CVE-2020-36518 Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Content Acquisition System (jackson-databind)). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Commerce Guided Search.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-22965 Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Content Acquisition System (Spring Framework)). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks of this vulnerability can result in takeover of Oracle Commerce Guided Search.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Communications Applications

This table provides the text form of the Risk Matrix for Oracle Communications Applications.
 

CVE ID Description
CVE-2019-17571 Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Message Bus (Apache Log4j)). Supported versions that are affected are 5.5.0-5.5.9 and 6.0.0-6.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2020-16156 Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Perl DBI)). Supported versions that are affected are 5.5.0-5.5.9 and 6.0.0-6.0.1. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Unified Assurance executes to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance.

CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2021-41411 Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: Rulesets (XStream)). Supported versions that are affected are 7.4.0, 7.4.1, 7.4.2 and 7.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Inventory Management.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2021-43797 Vulnerability in the Oracle Communications Elastic Charging Engine product of Oracle Communications Applications (component: Security (Netty)). Supported versions that are affected are 12.0.0.3.0-12.0.0.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Elastic Charging Engine. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Elastic Charging Engine accessible data.

CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ]
CVE-2022-22971 Vulnerability in the Oracle Communications Elastic Charging Engine product of Oracle Communications Applications (component: Security (Spring Framework)). Supported versions that are affected are 12.0.0.3.0-12.0.0.7.0. Easily exploitable vulnerability allows low privileged attacker with network access via TCP to compromise Oracle Communications Elastic Charging Engine. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Elastic Charging Engine.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-22971 Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: TMF APIs (Spring Framework)). Supported versions that are affected are 7.4.0, 7.4.1 and 7.4.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Inventory Management.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-22978 Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Message Bus (Spring Security)). Supported versions that are affected are 5.5.0-5.5.9 and 6.0.0-6.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-25647 Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: REST API (Google Gson)). Supported versions that are affected are 7.4.0, 7.4.1, 7.4.2 and 7.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Inventory Management.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-25857 Security-in-Depth issue in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: EAI Manager (SnakeYAML)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2022-25857 Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: REST Services Manager (SnakeYaml)). Supported versions that are affected are 12.0.0.4.0-12.0.0.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Billing and Revenue Management.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-30126 Vulnerability in the Oracle Communications Messaging Server product of Oracle Communications Applications (component: ISC (Apache Tika)). The supported version that is affected is 8.1.0.20.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Messaging Server executes to compromise Oracle Communications Messaging Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Messaging Server.

CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-31692 Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: REST API (Spring Security)). Supported versions that are affected are 7.4.0, 7.4.1 and 7.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Inventory Management.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-3171 Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: Policy (Google Protobuf-Java)). Supported versions that are affected are 7.4.0-7.4.2 and 7.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Inventory Management.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-32212 Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: User Interface (Node.js)). Supported versions that are affected are 5.5.0-5.5.9 and 6.0.0-6.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance.

CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-33980 Vulnerability in the Oracle Communications Elastic Charging Engine product of Oracle Communications Applications (component: Cloud native deployment (Apache Commons Configuration)). Supported versions that are affected are 12.0.0.5.0-12.0.0.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Communications Elastic Charging Engine. Successful attacks of this vulnerability can result in takeover of Oracle Communications Elastic Charging Engine.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-34917 Vulnerability in the Oracle Communications Elastic Charging Engine product of Oracle Communications Applications (component: Security (Apache Kafka)). Supported versions that are affected are 12.0.0.5.0-12.0.0.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Elastic Charging Engine. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Elastic Charging Engine.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-35737 Vulnerability in the Oracle Communications Messaging Server product of Oracle Communications Applications (component: IMAP (NSS)). The supported version that is affected is 8.1.0.20.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Communications Messaging Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Messaging Server.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-36055 Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Helm)). Supported versions that are affected are 5.5.0-5.5.9 and 6.0.0-6.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-37454 Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: User Interface (PHP)). Supported versions that are affected are 5.5.0-5.5.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-38752 Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: Signaling (SnakeYAML)). The supported version that is affected is 7.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Inventory Management.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-39271 Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: Cloud Native (Traefik)). The supported version that is affected is 7.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Inventory Management.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-40146 Vulnerability in the Oracle Communications MetaSolv Solution product of Oracle Communications Applications (component: Utilities (Apache Batik)). The supported version that is affected is 6.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications MetaSolv Solution. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications MetaSolv Solution accessible data.

CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2022-40150 Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Webservices Manager (Jettison)). Supported versions that are affected are 12.0.0.4.0-12.0.0.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Billing and Revenue Management.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-41720 Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Go)). Supported versions that are affected are 5.5.0-5.5.9 and 6.0.0-6.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Unified Assurance accessible data.

CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2022-42003 Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Billing Care, BOC, DM Kafka, REST API (jackson-databind)). Supported versions that are affected are 12.0.0.4.0-12.0.0.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Billing and Revenue Management.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42003 Vulnerability in the Oracle Communications Calendar Server product of Oracle Communications Applications (component: Calendar Server (jackson-databind)). The supported version that is affected is 8.0.0.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Calendar Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Calendar Server.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42003 Vulnerability in the Oracle Communications Contacts Server product of Oracle Communications Applications (component: Contact Server (jackson-databind)). The supported version that is affected is 8.0.0.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Contacts Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Contacts Server.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42003 Vulnerability in the Oracle Communications Instant Messaging Server product of Oracle Communications Applications (component: DBPlugin (jackson-databind)). The supported version that is affected is 10.0.1.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Instant Messaging Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Instant Messaging Server.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42003 Vulnerability in the Oracle Communications Messaging Server product of Oracle Communications Applications (component: ISC (jackson-databind)). The supported version that is affected is 8.1.0.20.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Messaging Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Messaging Server.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42003 Vulnerability in the Oracle Communications Pricing Design Center product of Oracle Communications Applications (component: REST Service Manager (jackson-databind)). Supported versions that are affected are 12.0.0.5.0-12.0.0.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Pricing Design Center. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Pricing Design Center.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42003 Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Message Bus (jackson-databind)). Supported versions that are affected are 5.5.0-5.5.9 and 6.0.0-6.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42003 Vulnerability in the Oracle Communications Unified Inventory Management product of Oracle Communications Applications (component: Others (jackson-databind)). Supported versions that are affected are 7.4.0, 7.4.1, 7.4.2 and 7.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Inventory Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Inventory Management.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42252 Vulnerability in the Oracle Communications Instant Messaging Server product of Oracle Communications Applications (component: DBPlugin (Apache Tomcat)). The supported version that is affected is 10.0.1.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Instant Messaging Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Instant Messaging Server accessible data.

CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ]
CVE-2022-42252 Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Integration (Apache Tomcat)). Supported versions that are affected are 5.5.0-5.5.9 and 6.0.0-6.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Unified Assurance accessible data.

CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ]
CVE-2022-42889 Vulnerability in the Oracle Communications Elastic Charging Engine product of Oracle Communications Applications (component: Security (Apache Commons Text)). Supported versions that are affected are 12.0.0.3.0-12.0.0.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Communications Elastic Charging Engine. Successful attacks of this vulnerability can result in takeover of Oracle Communications Elastic Charging Engine.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-42889 Vulnerability in the Oracle Communications Design Studio product of Oracle Communications Applications (component: PSR Designer (Apache Commons Text)). The supported version that is affected is 7.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Design Studio. Successful attacks of this vulnerability can result in takeover of Oracle Communications Design Studio.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-42889 Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Installer (Apache Commons Text)). The supported version that is affected is 7.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Order and Service Management.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-42889 Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Core (Apache Commons Text)). Supported versions that are affected are 5.5.0-5.5.9 and 6.0.0-6.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2023-21824 Vulnerability in the Oracle Communications BRM - Elastic Charging Engine product of Oracle Communications Applications (component: Customer, Config, Pricing Manager). Supported versions that are affected are 12.0.0.3.0-12.0.0.7.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Communications BRM - Elastic Charging Engine executes to compromise Oracle Communications BRM - Elastic Charging Engine. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications BRM - Elastic Charging Engine accessible data.

CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2023-21848 Vulnerability in the Oracle Communications Convergence product of Oracle Communications Applications (component: Admin Configuration). The supported version that is affected is 3.0.3.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Convergence. Successful attacks of this vulnerability can result in takeover of Oracle Communications Convergence.

CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Communications

This table provides the text form of the Risk Matrix for Oracle Communications.
 

CVE ID Description
CVE-2018-1273 Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Studio (Spring Data Commons)). The supported version that is affected is 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Binding Support Function.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2020-10735 Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Python)). The supported version that is affected is 22.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2021-21708 Security-in-Depth issue in the Oracle SD-WAN Aware product of Oracle Communications (component: Management (PHP)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2021-40528 Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Libgcrypt)). The supported version that is affected is 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Binding Support Function accessible data.

CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2022-0084 Vulnerability in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Configuration (xnio-api)). The supported version that is affected is 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Console. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Console.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-0492 Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Platform (Kernel)). The supported version that is affected is 8.6.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Diameter Signaling Router executes to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in takeover of Oracle Communications Diameter Signaling Router.

CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-0934 Vulnerability in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Oracle Linux 8 (dnsmasq)). The supported version that is affected is 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Function Cloud Native Environment. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Function Cloud Native Environment.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-1304 Vulnerability in the Oracle Communications Cloud Native Core Network Exposure Function product of Oracle Communications (component: Oracle Linux (e2fsprogs)). Supported versions that are affected are 22.3.1 and 22.4.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Network Exposure Function executes to compromise Oracle Communications Cloud Native Core Network Exposure Function. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Exposure Function.

CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-1304 Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Installation and Configuration (e2fsprogs)). Supported versions that are affected are 22.4.0 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Security Edge Protection Proxy executes to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Security Edge Protection Proxy.

CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-1319 Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Installation (Undertow)). The supported version that is affected is 22.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-2048 Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Signaling (Eclipse Jetty)). The supported version that is affected is 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-2048 Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Policy (Eclipse Jetty)). The supported version that is affected is 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-2053 Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Signaling (Undertow)). Supported versions that are affected are 22.3.0-22.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-2053 Vulnerability in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Configuration (undertow-core)). The supported version that is affected is 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Console. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Console.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-2053 Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Signaling (Undertow)). Supported versions that are affected are 22.3.0 and 22.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-21824 Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Policy (MySQL)). The supported version that is affected is 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function as well as unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Binding Support Function accessible data.

CVSS 3.1 Base Score 8.2 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H). ( legend ) [ Advisory ]
CVE-2022-21824 Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Policy (MySQL)). The supported version that is affected is 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy as well as unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Policy accessible data.

CVSS 3.1 Base Score 8.2 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H). ( legend ) [ Advisory ]
CVE-2022-22970 Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Signaling (Spring Framework)). The supported version that is affected is 1.11.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy.

CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-22971 Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Spring Framework)). Supported versions that are affected are 22.3.2 and 22.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-22971 Vulnerability in the Oracle Communications Diameter Intelligence Hub product of Oracle Communications (component: Mediation (Spring Framework)). The supported version that is affected is 8.2.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Diameter Intelligence Hub. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Diameter Intelligence Hub.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-24407 Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Cyrus SASL)). The supported version that is affected is 22.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Binding Support Function.

CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-24823 Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Netty)). The supported version that is affected is 22.3.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Binding Support Function executes to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Binding Support Function accessible data.

CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2022-24903 Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Platform (Multiple)). The supported version that is affected is 8.6.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SYSLOG to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in takeover of Oracle Communications Diameter Signaling Router.

CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-2509 Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Policy (Oracle Linux)). Supported versions that are affected are 22.2.0, 22.2.2 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-2526 Vulnerability in the Oracle Communications Cloud Native Core Automated Test Suite product of Oracle Communications (component: ATS Framework (systemd-libs)). Supported versions that are affected are 22.2.2, 22.3.1 and 22.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Automated Test Suite. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Automated Test Suite.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-25315 Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (LibExpat)). The supported version that is affected is 22.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Binding Support Function.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-25647 Vulnerability in the Oracle Communications Cloud Native Core Automated Test Suite product of Oracle Communications (component: ATS Framework (Google Gson)). Supported versions that are affected are 22.2.2, 22.3.1 and 22.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Automated Test Suite. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Automated Test Suite.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-25647 Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Google Gson)). The supported version that is affected is 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-25647 Vulnerability in the Oracle Communications Performance Intelligence Center (PIC) Software product of Oracle Communications (component: Management (Google Gson)). The supported version that is affected is 10.4.0.4.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Performance Intelligence Center (PIC) Software. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Performance Intelligence Center (PIC) Software.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-25857 Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Signaling (SnakeYAML)). The supported version that is affected is 22.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-27404 Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (FreeType)). The supported version that is affected is 22.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Binding Support Function.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-27404 Vulnerability in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Oracle Linux 8 (FreeType)). The supported version that is affected is 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Function Cloud Native Environment. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Function Cloud Native Environment.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-29824 Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (libxml2)). The supported version that is affected is 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-3028 Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Virtual Network Function Manager (Kernel)). The supported version that is affected is 8.6.0.0. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Diameter Signaling Router executes to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in takeover of Oracle Communications Diameter Signaling Router.

CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-30293 Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Signaling (WebKitGTK)). Supported versions that are affected are 22.3.3 and 22.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Unified Data Repository.

CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-31129 Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (Moment.js)). Supported versions that are affected are 22.1.0 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-31629 Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Platform (PHP)). The supported version that is affected is 8.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Diameter Signaling Router accessible data.

CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ]
CVE-2022-31692 Vulnerability in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Configuration (Spring Security)). The supported version that is affected is 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Console. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Console.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-31692 Vulnerability in the Oracle Communications Cloud Native Core Network Exposure Function product of Oracle Communications (component: Platform (Spring Security)). The supported version that is affected is 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Exposure Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Exposure Function.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-31692 Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Installation (Spring Security crypto)). The supported version that is affected is 22.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Repository Function.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-31692 Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Policy (Spring Security)). The supported version that is affected is 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Policy.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-31692 Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Configuration (Spring Security)). The supported version that is affected is 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Security Edge Protection Proxy.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-3171 Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Policy (Google Protobuf-Java)). The supported version that is affected is 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-3171 Vulnerability in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Configuration (Google Protobuf-Java)). The supported version that is affected is 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Console. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Console.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-3171 Vulnerability in the Oracle Communications Cloud Native Core Network Exposure Function product of Oracle Communications (component: Platform (Google Protobuf-Java)). The supported version that is affected is 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Exposure Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Exposure Function.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-3171 Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Installation (Google Protobuf-Java)). The supported version that is affected is 22.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-3171 Vulnerability in the Oracle Communications Cloud Native Core Network Slice Selection Function product of Oracle Communications (component: Platform (Google Protobuf-Java)). The supported version that is affected is 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Slice Selection Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Slice Selection Function.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-3171 Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Signaling (Google Protobuf-Java)). The supported version that is affected is 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-3171 Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Signaling (Google Protobuf-Java)). Supported versions that are affected are 22.2.2 and 22.3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Unified Data Repository.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-34305 Vulnerability in the Management Cloud Engine product of Oracle Communications (component: Backend Server (Apache Tomcat)). The supported version that is affected is 22.1.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Management Cloud Engine. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Management Cloud Engine, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Management Cloud Engine accessible data as well as unauthorized read access to a subset of Management Cloud Engine accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2022-3510 Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Policy (Google Protobuf-Java)). The supported version that is affected is 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-37434 Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (zlib)). The supported version that is affected is 22.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Binding Support Function.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-37434 Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Configuration (zlib)). The supported version that is affected is 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Security Edge Protection Proxy.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-37434 Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Platform (zlib)). The supported version that is affected is 8.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSH to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in takeover of Oracle Communications Diameter Signaling Router.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-38752 Vulnerability in the Oracle Communications Cloud Native Core Automated Test Suite product of Oracle Communications (component: ATS Framework (SnakeYAML)). Supported versions that are affected are 22.2.2, 22.3.1 and 22.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Automated Test Suite. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Automated Test Suite.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-38752 Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Installation (SnakeYAML)). The supported version that is affected is 22.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-38752 Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Signaling (SnakeYAML)). The supported version that is affected is 22.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-38752 Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Signaling (SnakeYAML)). Supported versions that are affected are 22.3.4 and 22.2.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Unified Data Repository.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-38752 Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Virtual Network Function Manager (SnakeYAML)). The supported version that is affected is 8.6.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Diameter Signaling Router.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-40304 Vulnerability in the Oracle Communications Cloud Native Core Network Slice Selection Function product of Oracle Communications (component: Oracle Linux (libxml2)). Supported versions that are affected are 22.3.1 and 22.4.1. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Network Slice Selection Function executes to compromise Oracle Communications Cloud Native Core Network Slice Selection Function. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Slice Selection Function.

CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-4147 Vulnerability in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Configuration (Quarkus)). Supported versions that are affected are 22.3.0 and 22.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Console. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Console.

CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-41881 Vulnerability in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Configuration (Netty)). Supported versions that are affected are 22.3.0 and 22.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Console. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Console.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42003 Security-in-Depth issue in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (jackson-databind)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2022-42003 Vulnerability in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Configuration (jackson-databind)). The supported version that is affected is 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Console. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Console.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42003 Vulnerability in the Oracle Communications Cloud Native Core Network Data Analytics Function product of Oracle Communications (component: REST API (jackson-databind)). The supported version that is affected is 22.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Data Analytics Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Data Analytics Function.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42003 Vulnerability in the Oracle Communications Cloud Native Core Network Exposure Function product of Oracle Communications (component: Platform (jackson-databind)). The supported version that is affected is 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Exposure Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Exposure Function.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42003 Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Installation (jackson-databind)). The supported version that is affected is 22.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42003 Vulnerability in the Oracle Communications Cloud Native Core Network Slice Selection Function product of Oracle Communications (component: Platform (jackson-databind)). The supported version that is affected is 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Slice Selection Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Slice Selection Function.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42003 Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Configuration (jackson-databind)). The supported version that is affected is 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42003 Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Signaling (jackson-databind)). Supported versions that are affected are 22.2.2 and 22.3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Unified Data Repository.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42003 Vulnerability in the Oracle Communications Diameter Intelligence Hub product of Oracle Communications (component: Mediation (jackson-databind)). The supported version that is affected is 8.2.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Intelligence Hub. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Diameter Intelligence Hub.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42003 Vulnerability in the Management Cloud Engine product of Oracle Communications (component: Security (jackson-databind)). The supported version that is affected is 22.1.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Management Cloud Engine. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Management Cloud Engine.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42252 Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Policy (Apache Tomcat)). The supported version that is affected is 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Binding Support Function accessible data.

CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ]
CVE-2022-42252 Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Policy (Apache Tomcat)). The supported version that is affected is 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Policy accessible data.

CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ]
CVE-2022-42252 Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Platform (Apache Tomcat)). The supported version that is affected is 8.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Diameter Signaling Router accessible data.

CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ]
CVE-2022-42889 Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Signaling (Apache Commons Text)). Supported versions that are affected are 22.3.4 and 22.2.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Unified Data Repository.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-42889 Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Virtual Network Function Manager (Apache Common Text)). The supported version that is affected is 8.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in takeover of Oracle Communications Diameter Signaling Router.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-42889 Vulnerability in the Management Cloud Engine product of Oracle Communications (component: Security (Apache Commons Text)). The supported version that is affected is 22.1.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Management Cloud Engine. Successful attacks of this vulnerability can result in takeover of Management Cloud Engine.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-42915 Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Install/Upgrade (cURL)). The supported version that is affected is 22.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Binding Support Function.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-43403 Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Signaling (Jenkins Script)). The supported version that is affected is 22.3.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. While the vulnerability is in Oracle Communications Cloud Native Core Unified Data Repository, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Unified Data Repository.

CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-45047 Security-in-Depth issue in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Configuration (Apache MINA SSHD)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2023-21890 Vulnerability in the Oracle Communications Converged Application Server product of Oracle Communications (component: Core). Supported versions that are affected are 7.1.0 and 8.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via UDP to compromise Oracle Communications Converged Application Server. Successful attacks of this vulnerability can result in takeover of Oracle Communications Converged Application Server.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Construction and Engineering

This table provides the text form of the Risk Matrix for Oracle Construction and Engineering.
 

CVE ID Description
CVE-2021-23358 Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: User Interface (UnderscoreJS)). Supported versions that are affected are 18.8, 19.12, 20.12, 21.12 and 22.12. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Unifier accessible data as well as unauthorized read access to a subset of Primavera Unifier accessible data.

CVSS 3.1 Base Score 3.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2022-3171 Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin (Google Protobuf-Java)). Supported versions that are affected are 18.8.0-18.8.15, 19.12.0-19.12.15, 20.12.0-20.12.10 and 21.12.0-21.12.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Gateway. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Gateway.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-34917 Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Event Streams and Communications (Apache Kafka)). Supported versions that are affected are 18.8, 19.12, 20.12, 21.12 and 22.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Unifier.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42003 Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin (jackson-databind)). Supported versions that are affected are 18.8.0-18.8.15, 19.12.0-19.12.15, 20.12.0-20.12.10 and 21.12.0-21.12.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Gateway. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Gateway.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42003 Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Document Management (jackson-databind)). Supported versions that are affected are 18.8, 19.12, 20.12, 21.12 and 22.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Unifier.

CVSS 3.1 Base Score 5.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42889 Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin (Apache Commons Text)). Supported versions that are affected are 18.8.0-18.8.15, 19.12.0-19.12.15, 20.12.0-20.12.10 and 21.12.0-21.12.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Gateway. Successful attacks of this vulnerability can result in takeover of Primavera Gateway.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2023-21888 Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: WebUI). Supported versions that are affected are 18.8.0-18.8.15, 19.12.0-19.12.15, 20.12.0-20.12.10 and 21.12.0-21.12.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Gateway. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Gateway, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Gateway accessible data as well as unauthorized read access to a subset of Primavera Gateway accessible data.

CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle E-Business Suite

This table provides the text form of the Risk Matrix for Oracle E-Business Suite.
 

CVE ID Description
CVE-2023-21825 Vulnerability in the Oracle iSupplier Portal product of Oracle E-Business Suite (component: Supplier Management). Supported versions that are affected are 12.2.6-12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iSupplier Portal. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle iSupplier Portal accessible data.

CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). ( legend ) [ Advisory ]
CVE-2023-21834 Vulnerability in the Oracle Self-Service Human Resources product of Oracle E-Business Suite (component: Workflow, Approval, Work Force Management). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Self-Service Human Resources. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Self-Service Human Resources accessible data.

CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). ( legend ) [ Advisory ]
CVE-2023-21847 Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Download). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Web Applications Desktop Integrator, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Web Applications Desktop Integrator accessible data as well as unauthorized read access to a subset of Oracle Web Applications Desktop Integrator accessible data.

CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2023-21849 Vulnerability in the Oracle Applications DBA product of Oracle E-Business Suite (component: Java utils). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications DBA. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Applications DBA accessible data.

CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ]
CVE-2023-21851 Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Marketing accessible data.

CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ]
CVE-2023-21852 Vulnerability in the Oracle Learning Management product of Oracle E-Business Suite (component: Setup). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Learning Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Learning Management accessible data.

CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ]
CVE-2023-21853 Vulnerability in the Oracle Mobile Field Service product of Oracle E-Business Suite (component: Synchronization). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Mobile Field Service. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Mobile Field Service accessible data.

CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ]
CVE-2023-21854 Vulnerability in the Oracle Sales Offline product of Oracle E-Business Suite (component: Core Components). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Sales Offline. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Sales Offline accessible data.

CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ]
CVE-2023-21855 Vulnerability in the Oracle Sales for Handhelds product of Oracle E-Business Suite (component: Pocket Outlook Sync(PocketPC)). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Sales for Handhelds. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Sales for Handhelds accessible data.

CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ]
CVE-2023-21856 Vulnerability in the Oracle iSetup product of Oracle E-Business Suite (component: General Ledger Update Transform, Reports). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iSetup. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle iSetup accessible data.

CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ]
CVE-2023-21857 Vulnerability in the Oracle HCM Common Architecture product of Oracle E-Business Suite (component: Auomated Test Suite). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HCM Common Architecture. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle HCM Common Architecture accessible data.

CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ]
CVE-2023-21858 Vulnerability in the Oracle Collaborative Planning product of Oracle E-Business Suite (component: Installation). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Collaborative Planning. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Collaborative Planning accessible data.

CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Enterprise Manager

This table provides the text form of the Risk Matrix for Oracle Enterprise Manager.
 

CVE ID Description
CVE-2022-25647 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Application Config Console (Google Gson)). Supported versions that are affected are 13.4.0.0 and 13.5.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Enterprise Manager Base Platform.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-31813 Vulnerability in the Enterprise Manager Ops Center product of Oracle Enterprise Manager (component: Update Provisioning (Apache HTTP Server)). The supported version that is affected is 12.4.0.0. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Enterprise Manager Ops Center executes to compromise Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in takeover of Enterprise Manager Ops Center.

CVSS 3.1 Base Score 6.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-42889 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Management Agent (Apache Commons Text)). Supported versions that are affected are 13.4.0.0 and 13.5.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in takeover of Enterprise Manager Base Platform.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Financial Services Applications

This table provides the text form of the Risk Matrix for Oracle Financial Services Applications.
 

CVE ID Description
CVE-2022-2048 Vulnerability in the Oracle Financial Services Crime and Compliance Management Studio product of Oracle Financial Services Applications (component: Studio (Eclipse Jetty)). The supported version that is affected is 8.0.8.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Crime and Compliance Management Studio. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Crime and Compliance Management Studio.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-24823 Vulnerability in the Oracle Banking Enterprise Default Management product of Oracle Financial Services Applications (component: Collections (Netty)). The supported version that is affected is 2.7.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Banking Enterprise Default Management executes to compromise Oracle Banking Enterprise Default Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Enterprise Default Management accessible data.

CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2022-24823 Vulnerability in the Oracle Banking Party Management product of Oracle Financial Services Applications (component: Web UI (Netty)). The supported version that is affected is 2.7.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Banking Party Management executes to compromise Oracle Banking Party Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Party Management accessible data.

CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2022-3171 Vulnerability in the Oracle Financial Services Crime and Compliance Management Studio product of Oracle Financial Services Applications (component: Studio (Google Protobuf-Java)). The supported version that is affected is 8.0.8.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Crime and Compliance Management Studio. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Crime and Compliance Management Studio.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-33980 Vulnerability in the Oracle Banking Enterprise Default Management product of Oracle Financial Services Applications (component: Collections (Apache Commons Configuration)). The supported version that is affected is 2.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Enterprise Default Management. Successful attacks of this vulnerability can result in takeover of Oracle Banking Enterprise Default Management.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-33980 Vulnerability in the Oracle Banking Party Management product of Oracle Financial Services Applications (component: Web UI (Apache Commons Configuration)). The supported version that is affected is 2.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Party Management. Successful attacks of this vulnerability can result in takeover of Oracle Banking Party Management.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-33980 Vulnerability in the Oracle Financial Services Crime and Compliance Management Studio product of Oracle Financial Services Applications (component: Studio (Apache Commons Configuration)). The supported version that is affected is 8.0.8.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Crime and Compliance Management Studio. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Crime and Compliance Management Studio.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-36033 Vulnerability in the Oracle Financial Services Crime and Compliance Management Studio product of Oracle Financial Services Applications (component: Studio (jsoup)). The supported version that is affected is 8.0.8.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Crime and Compliance Management Studio. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Crime and Compliance Management Studio, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Crime and Compliance Management Studio accessible data as well as unauthorized read access to a subset of Oracle Financial Services Crime and Compliance Management Studio accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2022-38752 Vulnerability in the Oracle Banking Enterprise Default Management product of Oracle Financial Services Applications (component: Collections (SnakeYAML)). The supported version that is affected is 2.6.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Enterprise Default Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Enterprise Default Management.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-38752 Vulnerability in the Oracle Banking Party Management product of Oracle Financial Services Applications (component: Web UI (SnakeYAML)). The supported version that is affected is 2.7.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Party Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Party Management.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42003 Vulnerability in the Oracle Banking Enterprise Default Management product of Oracle Financial Services Applications (component: Collections (jackson-databind)). Supported versions that are affected are 2.7.1 and 2.12.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Enterprise Default Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Enterprise Default Management.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42003 Vulnerability in the Oracle Banking Loans Servicing product of Oracle Financial Services Applications (component: Web UI (jackson-databind)). Supported versions that are affected are 2.8.0 and 2.12.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Loans Servicing. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Loans Servicing.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42003 Vulnerability in the Oracle Banking Party Management product of Oracle Financial Services Applications (component: Web UI (jackson-databind)). The supported version that is affected is 2.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Party Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Party Management.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42003 Vulnerability in the Oracle Banking Platform product of Oracle Financial Services Applications (component: Security (jackson-databind)). Supported versions that are affected are 2.6.2, 2.7.1, 2.9.0 and 2.12.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Platform.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42003 Vulnerability in the Oracle Financial Services Crime and Compliance Management Studio product of Oracle Financial Services Applications (component: Studio (jackson-databind)). The supported version that is affected is 8.0.8.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Crime and Compliance Management Studio. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Crime and Compliance Management Studio.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42252 Vulnerability in the Oracle Financial Services Crime and Compliance Management Studio product of Oracle Financial Services Applications (component: Studio (Apache Tomcat)). The supported version that is affected is 8.0.8.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Crime and Compliance Management Studio. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Crime and Compliance Management Studio accessible data.

CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Food and Beverage Applications

This table provides the text form of the Risk Matrix for Oracle Food and Beverage Applications.
 

CVE ID Description
CVE-2021-2351 Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Reporting). The supported version that is affected is 9.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Oracle Hospitality Reporting and Analytics. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Reporting and Analytics, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Reporting and Analytics.

CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2021-41184 Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Engagement (jQuery UI)). Supported versions that are affected are 18.2.11 and 19.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Simphony, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Simphony accessible data as well as unauthorized read access to a subset of Oracle Hospitality Simphony accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2021-44832 Vulnerability in the Oracle Hospitality Gift and Loyalty product of Oracle Food and Beverage Applications (component: Reporting (Apache Log4j)). The supported version that is affected is 9.1.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTPS to compromise Oracle Hospitality Gift and Loyalty. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Gift and Loyalty.

CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2021-44832 Vulnerability in the Oracle Hospitality Labor Management product of Oracle Food and Beverage Applications (component: Reporting (Apache Log4j)). The supported version that is affected is 9.1.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTPS to compromise Oracle Hospitality Labor Management. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Labor Management.

CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2021-44832 Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Reporting (Apache Log4j)). The supported version that is affected is 9.1.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTPS to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Reporting and Analytics.

CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2023-21826 Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Reporting). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Hospitality Reporting and Analytics. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Reporting and Analytics accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hospitality Reporting and Analytics.

CVSS 3.1 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:H). ( legend ) [ Advisory ]
CVE-2023-21828 Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Reporting). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Hospitality Reporting and Analytics. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality Reporting and Analytics accessible data.

CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Fusion Middleware

This table provides the text form of the Risk Matrix for Oracle Fusion Middleware.
 

CVE ID Description
CVE-2018-25032 Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (zlib)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle HTTP Server.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2018-7489 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Third Party Jars (jackson-databind)). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2020-10693 Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party Patch (Hibernate Validator)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Middleware Common Libraries and Tools accessible data.

CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). ( legend ) [ Advisory ]
CVE-2020-11987 Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party Patch (Apache Batik)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Middleware Common Libraries and Tools accessible data as well as unauthorized update, insert or delete access to some of Oracle Middleware Common Libraries and Tools accessible data.

CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N). ( legend ) [ Advisory ]
CVE-2020-13956 Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party Patch (Apache HttpClient)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Middleware Common Libraries and Tools accessible data.

CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). ( legend ) [ Advisory ]
CVE-2021-31812 Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites (Apache PDFBox)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle WebCenter Sites executes to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebCenter Sites.

CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2021-36090 Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party Patch (Apache Commons Compress)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Middleware Common Libraries and Tools.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2021-36770 Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party Patch (Perl)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Middleware Common Libraries and Tools executes to compromise Oracle Middleware Common Libraries and Tools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Middleware Common Libraries and Tools.

CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2021-42717 Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (ModSecurity)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle HTTP Server.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-1122 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: DC-Specific Component (OpenJPEG)). The supported version that is affected is 8.5.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Outside In Technology executes to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology.

CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-2274 Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (OpenSSL)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in takeover of Oracle HTTP Server.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-23305 Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core (Apache Log4j)). Supported version that is affected is 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-23457 Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party Patch (Enterprise Security API)). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in takeover of Oracle Middleware Common Libraries and Tools.

CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-24329 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Majel Mobile Service (Kotlin)). Supported versions that are affected are 5.9.0.0.0 and 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data.

CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). ( legend ) [ Advisory ]
CVE-2022-25236 Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (Expat)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in takeover of Oracle HTTP Server.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-25647 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Majel Mobile Service (Google Gson)). Supported versions that are affected are 5.9.0.0.0 and 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-25647 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples (Google GSON)). The supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-27404 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: DC-Specific Component (FreeType)). The supported version that is affected is 8.5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in takeover of Oracle Outside In Technology.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-27782 Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (cURL)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle HTTP Server accessible data.

CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ]
CVE-2022-29824 Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (libxml2)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle HTTP Server.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-3171 Vulnerability in the Oracle Fusion Middleware MapViewer product of Oracle Fusion Middleware (component: Install (Google Protobuf-Java)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Fusion Middleware MapViewer. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Fusion Middleware MapViewer.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-31813 Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (Apache HTTP Server)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in takeover of Oracle HTTP Server.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-37434 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: DC-Specific Component (zlib)). The supported version that is affected is 8.5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in takeover of Oracle Outside In Technology.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-40146 Vulnerability in the Oracle Fusion Middleware MapViewer product of Oracle Fusion Middleware (component: Install (Apache Batik)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Fusion Middleware MapViewer. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Fusion Middleware MapViewer accessible data.

CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2022-40150 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Third Party Jars (Jettison)). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-40153 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Third Party Jars (XStream)). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-40664 Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites (Apache Shiro)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Sites.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-42003 Vulnerability in the Oracle Global Lifecycle Management NextGen OUI Framework product of Oracle Fusion Middleware (component: NextGen Installer issues (jackson-databind)). Supported versions that are affected are Prior to 13.9.4.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Global Lifecycle Management NextGen OUI Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Global Lifecycle Management NextGen OUI Framework.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42889 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Server (Apache Commons Text)). Supported versions that are affected are 5.9.0.0.0 and 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-42889 Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party Patch (Apache Commons Text)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in takeover of Oracle Middleware Common Libraries and Tools.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-42889 Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server (Apache Commons Text)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Content.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-42920 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Third party Jars (Apache Commons BCEL)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-43680 Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Centralized Third-party Jars (Libexpat)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Middleware Common Libraries and Tools.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-43680 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: DC-Specific Component (LibExpat)). The supported version that is affected is 8.5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-45047 Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: End-User Documentation (Apache Mina SSHD)). The supported version that is affected is 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSH to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-45047 Vulnerability in the Oracle Global Lifecycle Management NextGen OUI Framework product of Oracle Fusion Middleware (component: NextGen Installer issues (Apache Mina SSHD)). Supported versions that are affected are Prior to 13.9.4.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Global Lifecycle Management NextGen OUI Framework. Successful attacks of this vulnerability can result in takeover of Oracle Global Lifecycle Management NextGen OUI Framework.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-45047 Vulnerability in the Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: RDA - Remote Diagnostic Agent (Apache Mina SSHD)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in takeover of Middleware Common Libraries and Tools.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2023-21832 Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Security). Supported versions that are affected are 5.9.0.0.0, 6.4.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in takeover of Oracle BI Publisher.

CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2023-21837 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data.

CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2023-21838 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-21839 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data.

CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2023-21841 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data.

CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2023-21842 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data.

CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2023-21846 Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Security). Supported versions that are affected are 5.9.0.0.0, 6.4.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in takeover of Oracle BI Publisher.

CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2023-21859 Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Access Manager executes to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Access Manager accessible data.

CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2023-21861 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Visual Analyzer). Supported versions that are affected are 5.9.0.0.0 and 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data.

CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2023-21862 Vulnerability in the Oracle Web Services Manager product of Oracle Fusion Middleware (component: XML Security component). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Services Manager. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Web Services Manager accessible data as well as unauthorized access to critical data or complete access to all Oracle Web Services Manager accessible data.

CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N). ( legend ) [ Advisory ]
CVE-2023-21891 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Visual Analyzer). Supported versions that are affected are 5.9.0.0.0 and 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data.

CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2023-21892 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Visual Analyzer). Supported versions that are affected are 5.9.0.0.0 and 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data.

CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2023-21894 Vulnerability in the Oracle Global Lifecycle Management NextGen OUI Framework product of Oracle Fusion Middleware (component: NextGen Installer issues). Supported versions that are affected are Prior to 13.9.4.2.11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Global Lifecycle Management NextGen OUI Framework executes to compromise Oracle Global Lifecycle Management NextGen OUI Framework. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Global Lifecycle Management NextGen OUI Framework.

CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Health Sciences Applications

This table provides the text form of the Risk Matrix for Oracle Health Sciences Applications.
 

CVE ID Description
CVE-2022-23457 Vulnerability in the Oracle Health Sciences Empirica Signal product of Oracle Health Sciences Applications (component: Core (Enterprise Security API)). Supported versions that are affected are 9.1.0.52 and 9.2.0.52. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Health Sciences Empirica Signal. Successful attacks of this vulnerability can result in takeover of Oracle Health Sciences Empirica Signal.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-42003 Vulnerability in the Oracle Health Sciences Empirica Signal product of Oracle Health Sciences Applications (component: Core (jackson-databind)). Supported versions that are affected are 9.1.0.52 and 9.2.0.52. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Health Sciences Empirica Signal. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Health Sciences Empirica Signal.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle HealthCare Applications

This table provides the text form of the Risk Matrix for Oracle HealthCare Applications.
 

CVE ID Description
CVE-2018-1273 Vulnerability in the Oracle Healthcare Data Repository product of Oracle HealthCare Applications (component: FHIR Server (Spring Data Commons)). Supported versions that are affected are 8.1.0.0-8.1.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Healthcare Data Repository. Successful attacks of this vulnerability can result in takeover of Oracle Healthcare Data Repository.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-22971 Vulnerability in the Oracle Healthcare Data Repository product of Oracle HealthCare Applications (component: FHIR Server (Spring Framework)). Supported versions that are affected are 8.1.0.0-8.1.3.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Healthcare Data Repository. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Healthcare Data Repository.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-22971 Vulnerability in the Oracle Healthcare Translational Research product of Oracle HealthCare Applications (component: Data Studio (Spring Framework)). Supported versions that are affected are 4.1.0.0-4.1.1.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Healthcare Translational Research. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Healthcare Translational Research.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-23221 Vulnerability in the Oracle Healthcare Translational Research product of Oracle HealthCare Applications (component: Data Studio (H2 Database)). Supported versions that are affected are 4.1.0.0-4.1.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Healthcare Translational Research. Successful attacks of this vulnerability can result in takeover of Oracle Healthcare Translational Research.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Hospitality Applications

This table provides the text form of the Risk Matrix for Oracle Hospitality Applications.
 

CVE ID Description
CVE-2021-36483 Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System product of Oracle Hospitality Applications (component: FMS Suite (DevExpress)). The supported version that is affected is 20.2.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Cruise Shipboard Property Management System. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Cruise Shipboard Property Management System.

CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Hyperion

This table provides the text form of the Risk Matrix for Oracle Hyperion.
 

CVE ID Description
CVE-2021-31805 Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component: Installation and Configuration (Apache Struts)). The supported version that is affected is 11.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hyperion Infrastructure Technology. Successful attacks of this vulnerability can result in takeover of Oracle Hyperion Infrastructure Technology.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-42889 Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component: Installation and Configuration (Apache Commons Text)). The supported version that is affected is 11.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hyperion Infrastructure Technology. Successful attacks of this vulnerability can result in takeover of Oracle Hyperion Infrastructure Technology.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Insurance Applications

This table provides the text form of the Risk Matrix for Oracle Insurance Applications.
 

CVE ID Description
CVE-2022-23437 Vulnerability in the Oracle Documaker product of Oracle Insurance Applications (component: Development Tools (Apache Xerces-J)). Supported versions that are affected are 12.4.0-12.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Documaker. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Documaker.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Java SE

This table provides the text form of the Risk Matrix for Oracle Java SE.
 

CVE ID Description
CVE-2022-43548 Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Node (Node.js)). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle GraalVM Enterprise Edition.

CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2023-21830 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf; Oracle GraalVM Enterprise Edition: 20.3.8 and 21.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.

Note : This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).

CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). ( legend ) [ Advisory ]
CVE-2023-21835 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.

Note : This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).

CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). ( legend ) [ Advisory ]
CVE-2023-21843 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.

Note : This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).

CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle JD Edwards

This table provides the text form of the Risk Matrix for Oracle JD Edwards.
 

CVE ID Description
CVE-2022-26336 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC (Apache POI)). Supported versions that are affected are Prior to 9.2.7.2. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where JD Edwards EnterpriseOne Tools executes to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools.

CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42889 Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security (Apache Commons Text)). Supported versions that are affected are Prior to 9.2.7.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Orchestrator.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle MySQL

This table provides the text form of the Risk Matrix for Oracle MySQL.
 

CVE ID Description
CVE-2020-10735 Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client (Python)). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Shell. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Shell.

Note : CVE-2020-10735 is non-exploitable in MySQL Shell, because it is a flaw in Python that is distributed in the MySQL Shell and the affected module in Python is not a functional dependency in MySQL Shell.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2020-36242 Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client (cryptography)). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Shell. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Shell accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Shell.

Note : CVE-2020-36242 is non-exploitable in MySQL Shell, because it is a flaw in cryptography that is distributed in the MySQL Shell and the affected module in cryptography is not a functional dependency in MySQL Shell.

CVSS 3.1 Base Score 9.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-1941 Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python (Python)). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-22971 Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (Spring Framework)). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Enterprise Monitor.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-24407 Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/C++ (Cyrus SASL)). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors.

CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-24407 Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC (Cyrus SASL)). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors.

CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-31692 Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (Spring Security)). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in takeover of MySQL Enterprise Monitor.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-3171 Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Net (Google Protobuf-Java)). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-32221 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (cURL)). Supported versions that are affected are 5.7.40 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-37434 Vulnerability in the MySQL Workbench product of Oracle MySQL (component: Workbench (zlib)). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via MySQL Workbench to compromise MySQL Workbench. Successful attacks of this vulnerability can result in takeover of MySQL Workbench.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-40304 Vulnerability in the MySQL Workbench product of Oracle MySQL (component: Workbench (libxml2)). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Workbench executes to compromise MySQL Workbench. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Workbench.

CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-42252 Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (Apache Tomcat)). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Enterprise Monitor accessible data.

CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ]
CVE-2023-21836 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-21840 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 5.7.40 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-21860 Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: Internal Operations). Supported versions that are affected are 7.4.38 and prior, 7.5.28 and prior, 7.6.24 and prior and 8.0.31 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster.

CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2023-21863 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-21864 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-21865 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-21866 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-21867 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-21868 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-21869 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data.

CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). ( legend ) [ Advisory ]
CVE-2023-21870 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-21871 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-21872 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data.

CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). ( legend ) [ Advisory ]
CVE-2023-21873 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-21874 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server.

CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L). ( legend ) [ Advisory ]
CVE-2023-21875 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.31 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 5.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H). ( legend ) [ Advisory ]
CVE-2023-21876 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-21877 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data.

CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). ( legend ) [ Advisory ]
CVE-2023-21878 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-21879 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-21880 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data.

CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). ( legend ) [ Advisory ]
CVE-2023-21881 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-21882 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data.

CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N). ( legend ) [ Advisory ]
CVE-2023-21883 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-21887 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle PeopleSoft

This table provides the text form of the Risk Matrix for Oracle PeopleSoft.
 

CVE ID Description
CVE-2020-10735 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Porting (Python)). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2021-3918 Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Chatbot Framework (JSON Schema)). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise CC Common Application Objects. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise CC Common Application Objects.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2021-3918 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search (JSON Schema)). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-25857 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Cloud Manager (SnakeYAML)). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-27782 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: File Processing (cURL)). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise PeopleTools accessible data.

CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ]
CVE-2022-31129 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search (Moment.js)). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-37434 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PeopleSoft CDA (zlib)). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-40149 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security (Jettison)). The supported version that is affected is 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42003 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search (jackson-databind)). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-21831 Vulnerability in the PeopleSoft Enterprise CS Academic Advisement product of Oracle PeopleSoft (component: Advising Notes). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise CS Academic Advisement. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise CS Academic Advisement accessible data.

CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). ( legend ) [ Advisory ]
CVE-2023-21844 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data.

CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2023-21845 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Panel Processor). The supported version that is affected is 8.60. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data.

CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Retail Applications

This table provides the text form of the Risk Matrix for Oracle Retail Applications.
 

CVE ID Description
CVE-2022-42003 Vulnerability in the Oracle Retail Service Backbone product of Oracle Retail Applications (component: Installation (jackson-databind)). Supported versions that are affected are 14.1.3.2, 15.0.3.1 and 16.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Service Backbone. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Service Backbone.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Siebel CRM

This table provides the text form of the Risk Matrix for Oracle Siebel CRM.
 

CVE ID Description
CVE-2021-44832 Vulnerability in the Siebel Apps - Marketing product of Oracle Siebel CRM (component: Marketing (Apache Log4j)). Supported versions that are affected are 22.10 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Siebel Apps - Marketing. Successful attacks of this vulnerability can result in takeover of Siebel Apps - Marketing.

CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-2274 Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: Siebel Core - Server Infrastructure (OpenSSL)). Supported versions that are affected are 22.10 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Siebel CRM. Successful attacks of this vulnerability can result in takeover of Siebel CRM.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Supply Chain

This table provides the text form of the Risk Matrix for Oracle Supply Chain.
 

CVE ID Description
CVE-2019-12415 Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (component: Installation (Apache POI)). Supported versions that are affected are Prior to 21.0.2.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle AutoVue executes to compromise Oracle AutoVue. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle AutoVue accessible data.

Note : This vulnerability applies to Oracle AutoVue Office, Oracle AutoVue 2D Professional, Oracle AutoVue 3D Professional Advanced, Oracle AutoVue EDA Professional and Oracle AutoVue Electro-Mechanical Professional. Please refer to Patch Availability Document for more details.

CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2019-7317 Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (component: Security (libpng)). Supported versions that are affected are Prior to 21.0.2.6. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle AutoVue. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle AutoVue.

Note : This vulnerability applies to Oracle AutoVue Office, Oracle AutoVue 2D Professional, Oracle AutoVue 3D Professional Advanced, Oracle AutoVue EDA Professional and Oracle AutoVue Electro-Mechanical Professional. Please refer to Patch Availability Document for more details.

CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2020-27844 Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (component: Security (OpenJPEG)). Supported versions that are affected are Prior to 21.0.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle AutoVue executes to compromise Oracle AutoVue. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle AutoVue.

Note : This vulnerability applies to Oracle AutoVue Office, Oracle AutoVue 2D Professional, Oracle AutoVue 3D Professional Advanced, Oracle AutoVue EDA Professional and Oracle AutoVue Electro-Mechanical Professional. Please refer to Patch Availability Document for more details.

CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2021-44832 Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: Security (Apache Log4j)). Supported versions that are affected are 12.2.7, 12.2.8, 12.2.9, 12.2.10, 12.2.11 and 12.2.12. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in takeover of Oracle Demantra Demand Management.

CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-24839 Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Security (NekoHTML)). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Agile PLM.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-34169 Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Application Server (Apache Xalan-J)). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Agile PLM accessible data.

CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ]
CVE-2022-42252 Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Security (Apache Tomcat)). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Agile PLM accessible data.

CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ]
CVE-2023-21850 Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: E-Business Collections). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Demantra Demand Management accessible data.

CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Support Tools

This table provides the text form of the Risk Matrix for Oracle Support Tools.
 

CVE ID Description
CVE-2021-37533 Vulnerability in the OSS Support Tools product of Oracle Support Tools (component: Diagnostic Assistant (Apache Commons Net)). The supported version that is affected is 2.12.43. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise OSS Support Tools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all OSS Support Tools accessible data.

CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2021-37533 Vulnerability in the OSS Support Tools product of Oracle Support Tools (component: RDA - Remote Diagnostic Agent (Apache Commons Net)). The supported version that is affected is 22.4.22.10.18. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise OSS Support Tools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all OSS Support Tools accessible data.

CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2021-37533 Vulnerability in the OSS Support Tools product of Oracle Support Tools (component: Services Tools Bundle (Apache Commons Net)). The supported version that is affected is 22.4.22.10.18. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise OSS Support Tools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all OSS Support Tools accessible data.

CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2022-45047 Vulnerability in the OSS Support Tools product of Oracle Support Tools (component: Diagnostic Assistant (Apache Mina SSHD)). The supported version that is affected is 2.12.43. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise OSS Support Tools. Successful attacks of this vulnerability can result in takeover of OSS Support Tools.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-45047 Vulnerability in the OSS Support Tools product of Oracle Support Tools (component: RDA - Remote Diagnostic Agent (Apache MINA SSHD)). The supported version that is affected is 22.4.22.10.18. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise OSS Support Tools. Successful attacks of this vulnerability can result in takeover of OSS Support Tools.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-45047 Vulnerability in the OSS Support Tools product of Oracle Support Tools (component: Services Tools Bundle (Apache Mina SSHD)). The supported version that is affected is 22.2.22.4.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise OSS Support Tools. Successful attacks of this vulnerability can result in takeover of OSS Support Tools.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Systems

This table provides the text form of the Risk Matrix for Oracle Systems.
 

CVE ID Description
CVE-2022-23219 Vulnerability in the Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers product of Oracle Systems (component: XCP Firmware (glibc)). Supported versions that are affected are Prior to XCP2411, prior to XCP3111 and prior to XCP4011. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers. Successful attacks of this vulnerability can result in takeover of Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2023-21900 Vulnerability in the Oracle Solaris product of Oracle Systems (component: NSSwitch). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris.

CVSS 3.1 Base Score 4.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:L). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Utilities Applications

This table provides the text form of the Risk Matrix for Oracle Utilities Applications.
 

CVE ID Description
CVE-2019-12402 Security-in-Depth issue in the Oracle Utilities Network Management System product of Oracle Utilities Applications (component: System Wide (Apache Commons Compress)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2020-10683 Vulnerability in the Oracle Utilities Network Management System product of Oracle Utilities Applications (component: Content Acquisition System (dom4j)). Supported versions that are affected are 2.3.0.2, 2.4.0.1, 2.5.0.0, 2.5.0.1 and 2.5.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Network Management System. Successful attacks of this vulnerability can result in takeover of Oracle Utilities Network Management System.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2020-11979 Vulnerability in the Oracle Utilities Network Management System product of Oracle Utilities Applications (component: Installation (Apache Ant)). Supported versions that are affected are 2.3.0.2, 2.4.0.1, 2.5.0.0, 2.5.0.1 and 2.5.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Network Management System. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Utilities Network Management System accessible data.

CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ]
CVE-2021-29425 Vulnerability in the Oracle Utilities Network Management System product of Oracle Utilities Applications (component: System Wide (Apache Commons IO)). Supported versions that are affected are 2.3.0.2, 2.4.0.1 and 2.5.0.0-2.5.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Utilities Network Management System. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Utilities Network Management System accessible data as well as unauthorized read access to a subset of Oracle Utilities Network Management System accessible data.

CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2021-43797 Vulnerability in the Oracle Utilities Network Management System product of Oracle Utilities Applications (component: System Wide (Netty)). Supported versions that are affected are 2.5.0.1 and 2.5.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Network Management System. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Utilities Network Management System accessible data.

CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ]
CVE-2021-45105 Vulnerability in the Oracle Utilities Network Management System product of Oracle Utilities Applications (component: System Wide (Apache Log4j)). Supported versions that are affected are 2.3.0.2, 2.4.0.1 and 2.5.0.0-2.5.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Utilities Network Management System. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Utilities Network Management System.

CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42003 Vulnerability in the Oracle Utilities Framework product of Oracle Utilities Applications (component: General (jackson-databind)). Supported versions that are affected are 4.3.0.5.0, 4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, 4.4.0.3.0 and 4.5.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Utilities Framework.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-42889 Vulnerability in the Oracle Utilities Framework product of Oracle Utilities Applications (component: General (Apache Commons Text)). Supported versions that are affected are 4.4.0.3.0 and 4.5.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Framework. Successful attacks of this vulnerability can result in takeover of Oracle Utilities Framework.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Virtualization

This table provides the text form of the Risk Matrix for Oracle Virtualization.
 

CVE ID Description
CVE-2022-37434 Security-in-Depth issue in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core (zlib)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2023-21884 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox.

CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-21885 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data.

Note : Applies to Windows only.

CVSS 3.1 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N). ( legend ) [ Advisory ]
CVE-2023-21886 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox.

CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2023-21889 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data.

CVSS 3.1 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N). ( legend ) [ Advisory ]
CVE-2023-21898 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox.

Note : Applies to VirtualBox VMs running Windows 7 and later.

CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2023-21899 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox.

Note : Applies to VirtualBox VMs running Windows 7 and later.

CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]