
Text Form of Oracle Critical Patch Update - October 2022 Risk Matrices

 

This document provides the text form of the CPUOct2022 Advisory Risk Matrices. Please note that the CVE numbers in this document correspond to the same CVE numbers in the CPUOct2022 Advisory.

This page contains the following text format Risk Matrices:

Text Form of Risk Matrix for Oracle Database Server

This table provides the text form of the Risk Matrix for Oracle Database Server.
 

CVE# Description
CVE-2019-2904 Security-in-Depth issue in the Oracle Database Configuration Assistant component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2020-13956 Security-in-Depth issue in the Oracle Database (Apache HttpClient) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2020-36518 Vulnerability in the Oracle Database - Fleet Patching (jackson-databind) component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having REST User privilege with network access via HTTP to compromise Oracle Database - Fleet Patching (jackson-databind). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Database - Fleet Patching (jackson-databind).

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2020-36518 Vulnerability in the Spatial and Graph (jackson-databind) component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Authenticated User privilege with network access via HTTP to compromise Spatial and Graph (jackson-databind). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Spatial and Graph (jackson-databind).

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2021-25122 Security-in-Depth issue in the Oracle Database - Fleet Patching (Apache Tomcat) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2021-30129 Security-in-Depth issue in the Oracle Database - RDBMS Security (Apache MINA SSHD) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2021-3737 Security-in-Depth issue in the Oracle Database - RDBMS (Python) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2021-4048 Security-in-Depth issue in the Oracle Database - RDBMS (OpenBLAS) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2021-4104 Security-in-Depth issue in the Oracle Retail Data Model (Apache Log4j) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2021-41495 Vulnerability in the Oracle Database - Machine Learning (Numpy) component of Oracle Database Server. The supported version that is affected is 21c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database - Machine Learning (Numpy). Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database - Machine Learning (Numpy).

CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). ( legend ) [ Advisory ]
CVE-2022-1587 Vulnerability in the Oracle Notification Server (PCRE2) component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Subscriber privilege with network access via HTTP to compromise Oracle Notification Server (PCRE2). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Notification Server (PCRE2).

Note : This vulnerability applies to Windows systems only.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-2048 Security-in-Depth issue in the Oracle Database - Workload Manager (Eclipse Jetty) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2022-21596 Vulnerability in the Oracle Database - Advanced Queuing component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows high privileged attacker having DBA user privilege with network access via Oracle Net to compromise Oracle Database - Advanced Queuing. Successful attacks of this vulnerability can result in takeover of Oracle Database - Advanced Queuing.

CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-21603 Vulnerability in the Oracle Database - Sharding component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows high privileged attacker having Local Logon privilege with network access via Local Logon to compromise Oracle Database - Sharding. Successful attacks of this vulnerability can result in takeover of Oracle Database - Sharding.

CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-21606 Vulnerability in the Oracle Services for Microsoft Transaction Server component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Services for Microsoft Transaction Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Services for Microsoft Transaction Server, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Services for Microsoft Transaction Server accessible data as well as unauthorized read access to a subset of Oracle Services for Microsoft Transaction Server accessible data.

Note : This vulnerability applies to Windows systems only.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2022-25647 Security-in-Depth issue in the Oracle Database - ZFSSAADM (Google Gson) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2022-31129 Security-in-Depth issue in the Oracle Application Express (Moment.js) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2022-34169 Security-in-Depth issue in the GraalVM Multilingual Engine component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2022-34305 Security-in-Depth issue in the Oracle Database (Apache Tomcat) component of Oracle Database Server. This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2022-39419 Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java VM accessible data.

CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Airlines Data Model

This table provides the text form of the Risk Matrix for Oracle Airlines Data Model.
 

CVE# Description
CVE-2019-10086 Security-in-Depth issue in Oracle Airlines Data Model (component: Installation (Apache Commons BeanUtils)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2019-17195 Security-in-Depth issue in Oracle Airlines Data Model (component: Installation (Nimbus JOSE+JWT)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2020-17521 Security-in-Depth issue in Oracle Airlines Data Model (component: Installation (Apache Groovy)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2020-9546 Security-in-Depth issue in Oracle Airlines Data Model (component: Installation (jackson-databind)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2021-22118 Security-in-Depth issue in Oracle Airlines Data Model (component: Installation (Spring Framework)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2021-29425 Security-in-Depth issue in Oracle Airlines Data Model (component: Installation (Apache Commons IO)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2021-4104 Security-in-Depth issue in Oracle Airlines Data Model (component: Installation (Apache Log4j)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]

Text Form of Risk Matrix for Oracle Big Data Graph

This table provides the text form of the Risk Matrix for Oracle Big Data Graph.
 

CVE# Description
CVE-2022-34305 Security-in-Depth issue in the Big Data Spatial and Graph product of Oracle Big Data Graph (component: Big Data Graph (Apache Tomcat)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]

Text Form of Risk Matrix for Oracle Communications Data Model

This table provides the text form of the Risk Matrix for Oracle Communications Data Model.
 

CVE# Description
CVE-2019-0227 Security-in-Depth issue in Oracle Communications Data Model (component: Utilities (Apache Axis)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2019-10086 Security-in-Depth issue in Oracle Communications Data Model (component: Utilities (Apache Commons BeanUtils)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2020-11987 Vulnerability in Oracle Communications Data Model (component: Utilities (Apache Batik)). The supported version that is affected is 12.2.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Data Model. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Data Model accessible data.

CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Essbase

This table provides the text form of the Risk Matrix for Oracle Essbase.
 

CVE# Description
CVE-2021-22946 Vulnerability in Oracle Essbase (component: Build (cURL)). The supported version that is affected is 21.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Essbase. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Essbase accessible data.

CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2021-44832 Vulnerability in Oracle Essbase (component: Essbase Web Platform (Apache Log4j)). The supported version that is affected is 21.3. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Essbase. Successful attacks of this vulnerability can result in takeover of Oracle Essbase.

CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle GoldenGate

This table provides the text form of the Risk Matrix for Oracle GoldenGate.
 

CVE# Description
CVE-2018-18893 Vulnerability in the Oracle Goldengate product of Oracle GoldenGate (component: Stream Analytics (JinJava)). The supported version that is affected is 19c. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Goldengate. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Goldengate accessible data.

CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). ( legend ) [ Advisory ]
CVE-2020-35169 Vulnerability in Oracle GoldenGate (component: Oracle GoldenGate Microservices (Dell BSAFE Micro Edition Suite)). The supported version that is affected is 19c. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle GoldenGate. Successful attacks of this vulnerability can result in takeover of Oracle GoldenGate.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-23181 Security-in-Depth issue in Oracle GoldenGate (component: Stream Analytics (Apache Tomcat)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]

Text Form of Risk Matrix for Oracle NoSQL Database

This table provides the text form of the Risk Matrix for Oracle NoSQL Database.
 

CVE# Description
CVE-2020-36518 Security-in-Depth issue in Oracle NoSQL Database (component: Administration (jackson-databind)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2022-25647 Security-in-Depth issue in Oracle NoSQL Database (component: Administration (Google Gson)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]

Text Form of Risk Matrix for Oracle Secure Backup

This table provides the text form of the Risk Matrix for Oracle Secure Backup.
 

CVE# Description
CVE-2021-21708 Security-in-Depth issue in Oracle Secure Backup (component: Oracle Secure Backup (PHP)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2022-31813 Vulnerability in Oracle Secure Backup (component: Oracle Secure Backup (Apache HTTP Server)). Supported versions that are affected are Prior to 18.1.0.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Secure Backup. Successful attacks of this vulnerability can result in takeover of Oracle Secure Backup.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle SQL Developer

This table provides the text form of the Risk Matrix for Oracle SQL Developer.
 

CVE# Description
CVE-2020-11987 Security-in-Depth issue in Oracle SQL Developer (component: Install (Apache Batik)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2021-38153 Security-in-Depth issue in Oracle SQL Developer (component: Install (Apache Kafka)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]

Text Form of Risk Matrix for Oracle TimesTen In-Memory Database

This table provides the text form of the Risk Matrix for Oracle TimesTen In-Memory Database.
 

CVE# Description
CVE-2022-28327 Security-in-Depth issue in Oracle TimesTen In-Memory Database (component: Kubernetes Operator (Golang Go)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]

Text Form of Risk Matrix for Oracle Commerce

This table provides the text form of the Risk Matrix for Oracle Commerce.
 

CVE# Description
CVE-2020-10683 Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Application Framework (dom4j)). Supported versions that are affected are 11.3.0-11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks of this vulnerability can result in takeover of Oracle Commerce Platform.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-22971 Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Endeca Integration (Spring Framework)). Supported versions that are affected are 11.3.0-11.3.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Commerce Platform.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-23437 Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Endeca Integration (Apache Xerces-J)). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Commerce Platform.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Communications Applications

This table provides the text form of the Risk Matrix for Oracle Communications Applications.
 

CVE# Description
CVE-2018-1311 Vulnerability in the Oracle Communications Convergent Charging Controller product of Oracle Communications Applications (component: Common (Apache Xerces-C)). Supported versions that are affected are 6.0.1.0.0 and 12.0.1.0.0-12.0.5.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Convergent Charging Controller. Successful attacks of this vulnerability can result in takeover of Oracle Communications Convergent Charging Controller.

CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2018-1311 Vulnerability in the Oracle Communications Network Charging and Control product of Oracle Communications Applications (component: Gateway (Apache Xerces-C)). Supported versions that are affected are 6.0.1.0.0 and 12.0.1.0.0-12.0.5.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Network Charging and Control. Successful attacks of this vulnerability can result in takeover of Oracle Communications Network Charging and Control.

CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2020-36518 Vulnerability in the Oracle Communications Instant Messaging Server product of Oracle Communications Applications (component: PresenceAPI (jackson-databind)). The supported version that is affected is 10.0.1.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Instant Messaging Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Instant Messaging Server.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2020-36518 Vulnerability in the Oracle Communications Pricing Design Center product of Oracle Communications Applications (component: REST Service Manager (jackson-databind)). Supported versions that are affected are 12.0.0.4.0-12.0.0.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Pricing Design Center. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Pricing Design Center.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2021-21295 Vulnerability in the Oracle Communications Pricing Design Center product of Oracle Communications Applications (component: REST Service Manager (Netty)). Supported versions that are affected are 12.0.0.4.0-12.0.0.6.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Pricing Design Center. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Pricing Design Center accessible data.

CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ]
CVE-2021-23450 Vulnerability in the Oracle Communications Convergence product of Oracle Communications Applications (component: Framework (dojo)). The supported version that is affected is 3.0.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Convergence. Successful attacks of this vulnerability can result in takeover of Oracle Communications Convergence.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2021-3918 Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: REST API (json-schema)). Supported versions that are affected are Prior to 5.5.7.0.0 and 6.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2021-43527 Vulnerability in the Oracle Communications Messaging Server product of Oracle Communications Applications (component: Security (NSS)). The supported version that is affected is 8.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Messaging Server. Successful attacks of this vulnerability can result in takeover of Oracle Communications Messaging Server.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2021-44832 Vulnerability in the Oracle Communications Instant Messaging Server product of Oracle Communications Applications (component: Installation (Apache Log4j)). The supported version that is affected is 10.0.1.6.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Instant Messaging Server. Successful attacks of this vulnerability can result in takeover of Oracle Communications Instant Messaging Server.

CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2021-44832 Vulnerability in the Oracle Communications MetaSolv Solution product of Oracle Communications Applications (component: Framework (Apache Log4j)). The supported version that is affected is 6.3.1. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications MetaSolv Solution. Successful attacks of this vulnerability can result in takeover of Oracle Communications MetaSolv Solution.

CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2021-44832 Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Installer (Apache Log4j)). Supported versions that are affected are 7.3 and 7.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Order and Service Management.

CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-2048 Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: Message Bus (Eclipse Jetty)). Supported versions that are affected are Prior to 5.5.7.0.0 and 6.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Unified Assurance.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-2068 Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: User Interface (OpenSSL)). Supported versions that are affected are Prior to 5.5.7.0.0 and 6.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-21601 Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.4.0-12.0.0.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Billing and Revenue Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Billing and Revenue Management.

CVSS 3.1 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L). ( legend ) [ Advisory ]
CVE-2022-23181 Vulnerability in the Oracle Communications Instant Messaging Server product of Oracle Communications Applications (component: Installation (Apache Tomcat)). The supported version that is affected is 10.0.1.6.0. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Instant Messaging Server executes to compromise Oracle Communications Instant Messaging Server. Successful attacks of this vulnerability can result in takeover of Oracle Communications Instant Messaging Server.

CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-23437 Vulnerability in the Oracle Communications MetaSolv Solution product of Oracle Communications Applications (component: Framework (Apache Xerces-J)). The supported version that is affected is 6.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications MetaSolv Solution. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications MetaSolv Solution.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-23437 Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Installer (Apache Xerces-J)). Supported versions that are affected are 7.3 and 7.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Order and Service Management.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-23632 Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security (Traefik)). The supported version that is affected is 7.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Order and Service Management.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-24823 Vulnerability in the Oracle Communications Design Studio product of Oracle Communications Applications (component: PSR Designer (Netty)). The supported version that is affected is 7.4.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Design Studio executes to compromise Oracle Communications Design Studio. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Design Studio accessible data.

CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2022-24823 Vulnerability in the Oracle Communications Pricing Design Center product of Oracle Communications Applications (component: Rest Service Manager (Netty)). Supported versions that are affected are 12.0.0.4.0-12.0.0.6.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Pricing Design Center executes to compromise Oracle Communications Pricing Design Center. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Pricing Design Center accessible data.

CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2022-25857 Vulnerability in the Oracle Communications Pricing Design Center product of Oracle Communications Applications (component: REST Service Manager (SnakeYAML)). Supported versions that are affected are 12.0.0.5.0-12.0.0.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Pricing Design Center. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Pricing Design Center.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-31129 Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Billing Care (Moment.js)). Supported versions that are affected are 12.0.0.4.0-12.0.0.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Billing and Revenue Management.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-31129 Vulnerability in the Oracle Communications Design Studio product of Oracle Communications Applications (component: PSR Designer (Moment.js)). The supported version that is affected is 7.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Design Studio. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Design Studio.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-31813 Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: User Interface (Apache HTTP Server)). Supported versions that are affected are Prior to 5.5.7.0.0 and 6.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks of this vulnerability can result in takeover of Oracle Communications Unified Assurance.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-34305 Vulnerability in the Oracle Communications Unified Assurance product of Oracle Communications Applications (component: REST API (Apache Tomcat)). Supported versions that are affected are Prior to 5.5.7.0.0 and 6.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Unified Assurance. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Unified Assurance, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Unified Assurance accessible data as well as unauthorized read access to a subset of Oracle Communications Unified Assurance accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2022-35737 Vulnerability in the Oracle Communications Convergent Charging Controller product of Oracle Communications Applications (component: Common (SQLite)). Supported versions that are affected are 6.0.1.0.0 and 12.0.1.0.0-12.0.5.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Convergent Charging Controller. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Convergent Charging Controller.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-35737 Vulnerability in the Oracle Communications Network Charging and Control product of Oracle Communications Applications (component: Common (SQLite)). Supported versions that are affected are 6.0.1.0.0 and 12.0.1.0.0-12.0.5.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Network Charging and Control. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Network Charging and Control.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Communications

This table provides the text form of the Risk Matrix for Oracle Communications.

CVE# Description
CVE-2018-25032 Vulnerability in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: DBTier (zlib)). Supported versions that are affected are 22.1.0 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Function Cloud Native Environment. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Function Cloud Native Environment.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2018-25032 Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Installer (zlib)). The supported version that is affected is 22.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2018-25032 Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Platform (zlib)). The supported version that is affected is 8.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSH to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Diameter Signaling Router.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2018-25032 Vulnerability in the Oracle Communications Session Border Controller product of Oracle Communications (component: System (zlib)). Supported versions that are affected are 8.4, 9.0 and 9.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Session Border Controller. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Session Border Controller.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2019-3862 Vulnerability in the Oracle Communications User Data Repository product of Oracle Communications (component: Platform (libssh2)). The supported version that is affected is 12.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via SSH-2 to compromise Oracle Communications User Data Repository. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications User Data Repository accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications User Data Repository.

CVSS 3.1 Base Score 9.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H). ( legend ) [ Advisory ]
CVE-2020-10878 Vulnerability in the Oracle Communications User Data Repository product of Oracle Communications (component: Platform (PERL)). The supported version that is affected is 12.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications User Data Repository. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications User Data Repository as well as unauthorized update, insert or delete access to some of Oracle Communications User Data Repository accessible data and unauthorized read access to a subset of Oracle Communications User Data Repository accessible data.

CVSS 3.1 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H). ( legend ) [ Advisory ]
CVE-2020-11022 Vulnerability in the Oracle Communications User Data Repository product of Oracle Communications (component: Platform (HTTP)). The supported version that is affected is 12.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications User Data Repository. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications User Data Repository, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications User Data Repository accessible data as well as unauthorized read access to a subset of Oracle Communications User Data Repository accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2020-13936 Vulnerability in the Oracle Communications User Data Repository product of Oracle Communications (component: Platform (Apache Velocity Engine)). The supported version that is affected is 12.6.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications User Data Repository. Successful attacks of this vulnerability can result in takeover of Oracle Communications User Data Repository.

CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2020-29582 Vulnerability in the Oracle Communications User Data Repository product of Oracle Communications (component: Platform (JetBrains Kotlin)). The supported version that is affected is 12.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications User Data Repository. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications User Data Repository accessible data.

CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). ( legend ) [ Advisory ]
CVE-2020-36518 Vulnerability in the Oracle Communications Evolved Communications Application Server product of Oracle Communications (component: Platform (jackson-databind)). The supported version that is affected is 7.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via JSON to compromise Oracle Communications Evolved Communications Application Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Evolved Communications Application Server.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2020-36518 Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: Configuration Management Platform (jackson-databind)). The supported version that is affected is 12.6.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Policy Management.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2020-36518 Vulnerability in the Oracle Communications Services Gatekeeper product of Oracle Communications (component: Core (jackson-databind)). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Services Gatekeeper. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Services Gatekeeper.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2020-6950 Vulnerability in the Oracle Communications User Data Repository product of Oracle Communications (component: Platform (Eclipse Mojarra)). The supported version that is affected is 12.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications User Data Repository. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications User Data Repository accessible data.

CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2021-21707 Vulnerability in the Oracle Communications User Data Repository product of Oracle Communications (component: Platform (PHP)). The supported version that is affected is 12.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications User Data Repository. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications User Data Repository accessible data.

CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). ( legend ) [ Advisory ]
CVE-2021-21708 Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Platform (PHP)). The supported version that is affected is 8.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in takeover of Oracle Communications Diameter Signaling Router.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2021-21783 Vulnerability in the Oracle Communications User Data Repository product of Oracle Communications (component: Platform (gSOAP)). The supported version that is affected is 12.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via GSOAP to compromise Oracle Communications User Data Repository. Successful attacks of this vulnerability can result in takeover of Oracle Communications User Data Repository.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2021-23450 Vulnerability in the Oracle Communications WebRTC Session Controller product of Oracle Communications (component: Platform (dojo)). Supported versions that are affected are 7.2.0 and 7.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications WebRTC Session Controller. Successful attacks of this vulnerability can result in takeover of Oracle Communications WebRTC Session Controller.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2021-2351 Vulnerability in the Oracle Communications User Data Repository product of Oracle Communications (component: Security (OJDBC)). The supported version that is affected is 12.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Oracle Communications User Data Repository. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications User Data Repository, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Communications User Data Repository.

CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2021-28165 Vulnerability in the Oracle Communications Converged Application Server - Service Controller product of Oracle Communications (component: Platform (Eclipse Jetty)). The supported version that is affected is 6.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Converged Application Server - Service Controller. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Converged Application Server - Service Controller.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2021-31805 Vulnerability in the Oracle Communications Policy Management product of Oracle Communications (component: Configuration Management Platform (Apache Struts)). The supported version that is affected is 12.6.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Policy Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Policy Management.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2021-3426 Vulnerability in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Configuration (Python)). The supported version that is affected is 1.9.0. Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the Oracle Communications Cloud Native Core Network Function Cloud Native Environment executes to compromise Oracle Communications Cloud Native Core Network Function Cloud Native Environment. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Network Function Cloud Native Environment accessible data.

CVSS 3.1 Base Score 5.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2021-3597 Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Signaling (undertow)). The supported version that is affected is 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function.

CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2021-3597 Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Signaling (undertow)). The supported version that is affected is 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy.

CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2021-4034 Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications (component: Platform (Polkit)). The supported version that is affected is 7.0.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle SD-WAN Edge executes to compromise Oracle SD-WAN Edge. Successful attacks of this vulnerability can result in takeover of Oracle SD-WAN Edge.

CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2021-40528 Vulnerability in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Configuration (GnuPG Libgcrypt)). Supported versions that are affected are 22.1.0 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Function Cloud Native Environment. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Network Function Cloud Native Environment accessible data.

CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2021-40690 Vulnerability in the Oracle Communications Services Gatekeeper product of Oracle Communications (component: OAuth (Apache Santuario XML Security for Java)). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Services Gatekeeper. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Services Gatekeeper accessible data.

CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2021-41184 Vulnerability in the Oracle SD-WAN Aware product of Oracle Communications (component: Management (jQueryUI)). The supported version that is affected is 9.0.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SD-WAN Aware. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle SD-WAN Aware, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle SD-WAN Aware accessible data as well as unauthorized read access to a subset of Oracle SD-WAN Aware accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2021-4178 Security-in-Depth issue in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Signaling (Kubernetes Client)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2021-43527 Vulnerability in the Oracle Communications User Data Repository product of Oracle Communications (component: Platform (NSS)). The supported version that is affected is 12.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications User Data Repository. Successful attacks of this vulnerability can result in takeover of Oracle Communications User Data Repository.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2021-44790 Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications (component: Management (Apache HTTP Server)). The supported version that is affected is 7.0.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SD-WAN Edge. Successful attacks of this vulnerability can result in takeover of Oracle SD-WAN Edge.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2021-44832 Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Signaling (Apache Log4j)). The supported version that is affected is 22.3.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Binding Support Function.

CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2021-44832 Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Signaling (Apache Log4j)). The supported version that is affected is 22.3.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Policy.

CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-1154 Vulnerability in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: DBTier (vim)). Supported versions that are affected are 22.1.0 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Communications Cloud Native Core Network Function Cloud Native Environment executes to compromise Oracle Communications Cloud Native Core Network Function Cloud Native Environment. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Function Cloud Native Environment.

CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-1292 Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Installer (OpenSSL)). The supported version that is affected is 22.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Security Edge Protection Proxy.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-1586 Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Signaling (PCRE2)). The supported version that is affected is 22.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Security Edge Protection Proxy accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy.

CVSS 3.1 Base Score 9.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-1586 Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Signaling (PCRE2)). The supported version that is affected is 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Unified Data Repository accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Unified Data Repository.

CVSS 3.1 Base Score 9.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-2048 Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: GEN (Eclipse Jetty)). The supported version that is affected is 9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Element Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Element Manager.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-21123 Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Platform (Microcode Controller)). The supported version that is affected is 8.6.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Diameter Signaling Router executes to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Diameter Signaling Router accessible data.

CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2022-2191 Vulnerability in the Oracle Communications Cloud Native Core Network Exposure Function product of Oracle Communications (component: Platform (Eclipse Jetty)). The supported version that is affected is 22.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Exposure Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Exposure Function.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-2191 Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Installation (Eclipse Jetty)). The supported version that is affected is 22.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Repository Function.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-2191 Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Signaling (Eclipse Jetty)). The supported version that is affected is 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Unified Data Repository.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-22971 Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: Security (Spring Framework)). The supported version that is affected is 9.0. Easily exploitable vulnerability allows low privileged attacker with network access via LDAP to compromise Oracle Communications Element Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Element Manager.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-22971 Vulnerability in the Oracle Communications Interactive Session Recorder product of Oracle Communications (component: Platform (Spring Framework)). The supported version that is affected is 6.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Communications Interactive Session Recorder. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Interactive Session Recorder.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-22971 Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications (component: Management (Spring Framework)). The supported version that is affected is 9.1.1.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle SD-WAN Edge. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle SD-WAN Edge.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-22978 Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Signaling (Spring Security)). The supported version that is affected is 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Security Edge Protection Proxy.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-22978 Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: Authentication (Spring Security)). The supported version that is affected is 9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via LDAP to compromise Oracle Communications Element Manager. Successful attacks of this vulnerability can result in takeover of Oracle Communications Element Manager.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-22978 Vulnerability in the Oracle Communications Interactive Session Recorder product of Oracle Communications (component: Platform (Spring Security)). The supported version that is affected is 6.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Interactive Session Recorder. Successful attacks of this vulnerability can result in takeover of Oracle Communications Interactive Session Recorder.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-22978 Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications (component: Management (Spring Security)). The supported version that is affected is 9.1.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SD-WAN Edge. Successful attacks of this vulnerability can result in takeover of Oracle SD-WAN Edge.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-23218 Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Signaling (glibc)). The supported version that is affected is 22.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Unified Data Repository.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-23219 Vulnerability in the Oracle Communications Session Border Controller product of Oracle Communications (component: Routing (glibc)). Supported versions that are affected are 8.4, 9.0 and 9.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Session Border Controller. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Session Border Controller as well as unauthorized update, insert or delete access to some of Oracle Communications Session Border Controller accessible data and unauthorized read access to a subset of Oracle Communications Session Border Controller accessible data.

CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H). ( legend ) [ Advisory ]
CVE-2022-24761 Vulnerability in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: DBTier (waitress)). Supported versions that are affected are 22.1.0 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Function Cloud Native Environment. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Network Function Cloud Native Environment accessible data.

CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ]
CVE-2022-24785 Vulnerability in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Configuration (Moment.js)). Supported versions that are affected are 22.1 and 22.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Function Cloud Native Environment. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Network Function Cloud Native Environment accessible data.

CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ]
CVE-2022-25647 Vulnerability in the Oracle Communications Cloud Native Core Binding Support Function product of Oracle Communications (component: Signaling (Google Gson)). The supported version that is affected is 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Binding Support Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Binding Support Function.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-25647 Vulnerability in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Installer (Google Gson)). The supported version that is affected is 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Console. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Console.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-25647 Vulnerability in the Oracle Communications Cloud Native Core Policy product of Oracle Communications (component: Signaling (Google Gson)). The supported version that is affected is 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Policy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Policy.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-25647 Vulnerability in the Oracle Communications WebRTC Session Controller product of Oracle Communications (component: Platform (Google Gson)). Supported versions that are affected are 7.2.0 and 7.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications WebRTC Session Controller. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications WebRTC Session Controller.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-25857 Vulnerability in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Installer (SnakeYAML)). The supported version that is affected is 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Console. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Console.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-25857 Vulnerability in the Oracle Communications Cloud Native Core Network Exposure Function product of Oracle Communications (component: Platform (SnakeYAML)). The supported version that is affected is 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Exposure Function. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Exposure Function.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-25857 Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Signaling (SnakeYAML)). The supported version that is affected is 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-25857 Vulnerability in the Oracle Communications Cloud Native Core Service Communication Proxy product of Oracle Communications (component: Signaling (SnakeYAML)). Supported versions that are affected are 22.2.3, 22.3.1 and 22.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Service Communication Proxy. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Service Communication Proxy.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-25857 Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Security (SnakeYAML)). Supported versions that are affected are 22.2.1 and 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Unified Data Repository.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-27782 Vulnerability in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Configuration (cURL)). Supported versions that are affected are 22.1.0 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Function Cloud Native Environment. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Cloud Native Core Network Function Cloud Native Environment accessible data.

CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ]
CVE-2022-29824 Vulnerability in the Oracle Communications Cloud Native Core Network Function Cloud Native Environment product of Oracle Communications (component: Configuration (libxml2)). Supported versions that are affected are 22.2.1 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Function Cloud Native Environment. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Function Cloud Native Environment.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-29885 Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: BEServer (Apache Tomcat)). The supported version that is affected is 9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Element Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Element Manager.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-31813 Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Platform (Apache HTTP Server)). The supported version that is affected is 8.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router. Successful attacks of this vulnerability can result in takeover of Oracle Communications Diameter Signaling Router.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-31813 Vulnerability in the Oracle Communications Element Manager product of Oracle Communications (component: FEServer (Apache HTTP Server)). The supported version that is affected is 9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Element Manager. Successful attacks of this vulnerability can result in takeover of Oracle Communications Element Manager.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-31813 Vulnerability in the Oracle Communications User Data Repository product of Oracle Communications (component: Platform (Apache HTTP Server)). The supported version that is affected is 12.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications User Data Repository. Successful attacks of this vulnerability can result in takeover of Oracle Communications User Data Repository.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-31813 Vulnerability in the Oracle Enterprise Operations Monitor product of Oracle Communications (component: User Login (Apache HTTP Server)). Supported versions that are affected are 4.4 and 5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Operations Monitor.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-32206 Vulnerability in the Oracle Communications Cloud Native Core Network Exposure Function product of Oracle Communications (component: Oracle Linux (cURL)). The supported version that is affected is 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Exposure Function. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Network Exposure Function.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-32206 Vulnerability in the Oracle Communications Cloud Native Core Security Edge Protection Proxy product of Oracle Communications (component: Configuration (cURL)). The supported version that is affected is 22.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Communications Cloud Native Core Security Edge Protection Proxy. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Security Edge Protection Proxy.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-32206 Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Signaling (cURL)). The supported version that is affected is 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Cloud Native Core Unified Data Repository.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-34305 Vulnerability in the Oracle Communications Diameter Signaling Router product of Oracle Communications (component: Platform (Apache Tomcat)). The supported version that is affected is 8.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Diameter Signaling Router, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Diameter Signaling Router accessible data as well as unauthorized read access to a subset of Oracle Communications Diameter Signaling Router accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2022-34305 Vulnerability in the Oracle Communications Session Report Manager product of Oracle Communications (component: BEServer (Apache Tomcat)). The supported version that is affected is 9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Session Report Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Session Report Manager, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Session Report Manager accessible data as well as unauthorized read access to a subset of Oracle Communications Session Report Manager accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2022-34305 Vulnerability in the Oracle Communications User Data Repository product of Oracle Communications (component: Platform (Apache Tomcat)). The supported version that is affected is 12.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications User Data Repository. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications User Data Repository, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications User Data Repository accessible data as well as unauthorized read access to a subset of Oracle Communications User Data Repository accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2022-36033 Vulnerability in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Installer (jsoup)). The supported version that is affected is 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Console. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Cloud Native Core Console, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Console accessible data as well as unauthorized read access to a subset of Oracle Communications Cloud Native Core Console accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Construction and Engineering

This table provides the text form of the Risk Matrix for Oracle Construction and Engineering.

CVE# Description
CVE-2020-13936 Security-in-Depth issue in the Primavera Unifier product of Oracle Construction and Engineering (component: Platform, User Interface (Apache Velocity Engine)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2020-7712 Security-in-Depth issue in the Primavera Unifier product of Oracle Construction and Engineering (component: Document Management (Apache ZooKeeper)). This vulnerability cannot be exploited in the context of this product. [ Advisory ]
CVE-2020-9492 Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Document Management (Apache Solr)). Supported versions that are affected are 18.8, 19.12, 20.12 and 21.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in takeover of Primavera Unifier.

CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-23457 Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: User Interface (Enterprise Security API)). Supported versions that are affected are 18.8, 19.12, 20.12 and 21.12. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in takeover of Primavera Unifier.

CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-31129 Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: Admin (Moment.js)). Supported versions that are affected are 18.8.0-18.8.15, 19.12.0-19.12.14, 20.12.0-20.12.9 and 21.12.0-21.12.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Gateway. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Primavera Gateway.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-31129 Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: User Interface (Moment.js)). Supported versions that are affected are 19.12, 20.12 and 21.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Primavera Unifier.

CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). ( legend ) [ Advisory ]
CVE-2022-33879 Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Document Management (Apache Tika)). Supported versions that are affected are 18.8, 19.12, 20.12 and 21.12. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Primavera Unifier executes to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Primavera Unifier.

CVSS 3.1 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle E-Business Suite

This table provides the text form of the Risk Matrix for Oracle E-Business Suite.
 

CVE# Description
CVE-2019-10086 Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Common Modules (Apache Commons BeanUtils)). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Human Resources. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Human Resources accessible data as well as unauthorized read access to a subset of Oracle Human Resources accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Human Resources.

CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). ( legend ) [ Advisory ]
CVE-2022-21587 Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-21636 Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Session Management). Supported versions that are affected are 12.2.6-12.2.11. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications Framework accessible data.

CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2022-23305 Vulnerability in the Application Management Pack for Oracle E-Business Suite product of Oracle E-Business Suite (component: EBS EM Plugin (Apache Log4j)). The supported version that is affected is 13.4.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Management Pack for Oracle E-Business Suite. Successful attacks of this vulnerability can result in takeover of Application Management Pack for Oracle E-Business Suite.

Note: Please refer to support Doc ID 2858304.1 for the patch.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-39428 Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Enterprise Manager

This table provides the text form of the Risk Matrix for Oracle Enterprise Manager.
 

CVE# Description
CVE-2018-1285 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Application Service Level Management (Apache log4net)). The supported version that is affected is 13.4.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in takeover of Enterprise Manager Base Platform.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2020-36518 Vulnerability in the Enterprise Manager for Virtualization product of Oracle Enterprise Manager (component: Plug-In Lifecycle (jackson-databind)). Supported versions that are affected are 13.4.0.0 and 13.5.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager for Virtualization. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Enterprise Manager for Virtualization.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2021-23450 Vulnerability in the Enterprise Manager Ops Center product of Oracle Enterprise Manager (component: Networking (dojo)). The supported version that is affected is 12.4.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in takeover of Enterprise Manager Ops Center.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2021-4104 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Application Service Level Management (Apache Log4j)). The supported version that is affected is 13.4.0.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in takeover of Enterprise Manager Base Platform.

CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-21623 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Application Config Console). Supported versions that are affected are 13.4.0.0 and 13.5.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Enterprise Manager Base Platform accessible data.

CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Financial Services Applications

This table provides the text form of the Risk Matrix for Oracle Financial Services Applications.
 

CVE# Description
CVE-2020-36518 Vulnerability in the Oracle Banking Enterprise Default Management product of Oracle Financial Services Applications (component: Collections (jackson-databind)). The supported version that is affected is 2.12.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Enterprise Default Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Enterprise Default Management.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2020-36518 Vulnerability in the Oracle Banking Loans Servicing product of Oracle Financial Services Applications (component: Web UI (jackson-databind)). Supported versions that are affected are 2.8.0 and 2.12.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Loans Servicing. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Loans Servicing.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2020-36518 Vulnerability in the Oracle Banking Party Management product of Oracle Financial Services Applications (component: Web UI (jackson-databind)). The supported version that is affected is 2.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Party Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Party Management.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2020-36518 Vulnerability in the Oracle Banking Platform product of Oracle Financial Services Applications (component: Security (jackson-databind)). Supported versions that are affected are 2.7.1, 2.9.0 and 2.12.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Platform.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2021-40690 Vulnerability in the Oracle Financial Services Model Management and Governance product of Oracle Financial Services Applications (component: Installer & Configuration (Apache Santuario XML Security For Java)). The supported version that is affected is 8.1.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Model Management and Governance. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Model Management and Governance accessible data.

CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2021-44832 Vulnerability in the Oracle Financial Services Model Management and Governance product of Oracle Financial Services Applications (component: Installer & Configuration (Apache Log4j)). Supported versions that are affected are 8.0.8.0, 8.1.0.0 and 8.1.1.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Financial Services Model Management and Governance. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Model Management and Governance.

CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-22971 Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Others (Spring Framework)). Supported versions that are affected are 8.0.7.0-8.1.0.0, 8.1.1.0, 8.1.2.0 and 8.1.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Analytical Applications Infrastructure.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-22971 Vulnerability in the Oracle Financial Services Behavior Detection Platform product of Oracle Financial Services Applications (component: User Interface (Spring Framework)). Supported versions that are affected are 8.0.7.2, 8.0.8.1, 8.1.1.0, 8.1.1.1, 8.1.2.0, 8.1.2.1 and 8.1.2.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Behavior Detection Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Behavior Detection Platform.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-22971 Vulnerability in the Oracle Financial Services Enterprise Case Management product of Oracle Financial Services Applications (component: Installer (Spring Framework)). Supported versions that are affected are 8.0.7.3, 8.0.8.2, 8.1.1.0, 8.1.1.1, 8.1.2.0, 8.1.2.1 and 8.1.2.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Enterprise Case Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Enterprise Case Management.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-22971 Vulnerability in the Oracle Financial Services Model Management and Governance product of Oracle Financial Services Applications (component: Installer & Configuration (Spring Framework)). Supported versions that are affected are 8.0.8.0, 8.1.0.0 and 8.1.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Model Management and Governance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Model Management and Governance.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-22971 Vulnerability in the Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition product of Oracle Financial Services Applications (component: User Interface (Spring Framework)). Supported versions that are affected are 8.0.7.0 and 8.0.8.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-23181 Vulnerability in the Oracle Financial Services Model Management and Governance product of Oracle Financial Services Applications (component: Installer & Configuration (Apache Tomcat)). Supported versions that are affected are 8.0.8.0, 8.1.0.0 and 8.1.1.0. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Financial Services Model Management and Governance executes to compromise Oracle Financial Services Model Management and Governance. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Model Management and Governance.

CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-23457 Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Others (Enterprise Security API)). Supported versions that are affected are 8.0.7.0-8.1.0.0, 8.1.1.0, 8.1.2.0 and 8.1.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Analytical Applications Infrastructure.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-24823 Vulnerability in the Oracle Financial Services Model Management and Governance product of Oracle Financial Services Applications (component: Installer & Configuration (Netty)). Supported versions that are affected are 8.0.8.0, 8.1.0.0 and 8.1.1.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Financial Services Model Management and Governance executes to compromise Oracle Financial Services Model Management and Governance. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Model Management and Governance accessible data.

CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2022-25647 Vulnerability in the Oracle Banking Platform product of Oracle Financial Services Applications (component: Security (Google Gson)). The supported version that is affected is 2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Platform.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-25647 Vulnerability in the Oracle Financial Services Model Management and Governance product of Oracle Financial Services Applications (component: Installer & Configuration (Google Gson)). Supported versions that are affected are 8.0.8.0, 8.1.0.0 and 8.1.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Model Management and Governance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Model Management and Governance.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-29577 Vulnerability in the Oracle Banking Enterprise Default Management product of Oracle Financial Services Applications (component: Collections (AntiSamy)). The supported version that is affected is 2.12.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Enterprise Default Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Enterprise Default Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Enterprise Default Management accessible data as well as unauthorized read access to a subset of Oracle Banking Enterprise Default Management accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2022-29577 Vulnerability in the Oracle Banking Party Management product of Oracle Financial Services Applications (component: Web UI (AntiSamy)). The supported version that is affected is 2.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Party Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Party Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Party Management accessible data as well as unauthorized read access to a subset of Oracle Banking Party Management accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2022-29577 Vulnerability in the Oracle Banking Platform product of Oracle Financial Services Applications (component: Security (AntiSamy)). The supported version that is affected is 2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Platform accessible data as well as unauthorized read access to a subset of Oracle Banking Platform accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2022-31129 Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Others (Moment.js)). Supported versions that are affected are 8.0.7.0-8.1.0.0, 8.1.1.0, 8.1.2.0 and 8.1.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Analytical Applications Infrastructure.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-31129 Vulnerability in the Oracle Financial Services Behavior Detection Platform product of Oracle Financial Services Applications (component: User Interface (Moment.js)). Supported versions that are affected are 8.0.7.2, 8.0.8.1, 8.1.1.0, 8.1.1.1, 8.1.2.0, 8.1.2.1 and 8.1.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Behavior Detection Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Behavior Detection Platform.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-31129 Vulnerability in the Oracle Financial Services Enterprise Case Management product of Oracle Financial Services Applications (component: Installer (Moment.js)). Supported versions that are affected are 8.0.7.3, 8.0.8.2, 8.1.1.0, 8.1.1.1, 8.1.2.0, 8.1.2.1 and 8.1.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Enterprise Case Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Enterprise Case Management.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-31129 Vulnerability in the Oracle Financial Services Model Management and Governance product of Oracle Financial Services Applications (component: Installer (Moment.js)). Supported versions that are affected are 8.0.8.0 and 8.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Model Management and Governance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Model Management and Governance.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-31129 Vulnerability in the Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition product of Oracle Financial Services Applications (component: User Interface (Moment.js)). Supported versions that are affected are 8.0.7.0 and 8.0.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Fusion Middleware

This table provides the text form of the Risk Matrix for Oracle Fusion Middleware.
 

CVE# Description
CVE-2018-25032 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters (Python)). The supported version that is affected is 8.5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2019-17195 Vulnerability in the Oracle Data Integrator product of Oracle Fusion Middleware (component: WLS Configuration Template (Nimbus JOSE+JWT)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Data Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Data Integrator.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2020-13936 Vulnerability in the Oracle Identity Management Suite product of Oracle Fusion Middleware (component: Installer (Apache Velocity Engine)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Identity Management Suite. Successful attacks of this vulnerability can result in takeover of Oracle Identity Management Suite.

CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2020-14155 Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (PCRE)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server.

CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). ( legend ) [ Advisory ]
CVE-2020-17521 Vulnerability in the Oracle Data Integrator product of Oracle Fusion Middleware (component: Runtime Java agent for ODI (Apache Groovy)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Data Integrator executes to compromise Oracle Data Integrator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Data Integrator accessible data.

CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2020-17521 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (Apache Groovy)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle WebLogic Server executes to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data.

CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2020-24977 Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener (libxml2)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle HTTP Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server.

CVSS 3.1 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L). ( legend ) [ Advisory ]
CVE-2020-28052 Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component: Installer (Bouncy Castle Java Library)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Business Process Management Suite. Successful attacks of this vulnerability can result in takeover of Oracle Business Process Management Suite.

CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2020-28052 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (Bouncy Castle Java Library)). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.

CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2020-36518 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Server (jackson-databind)). The supported version that is affected is 6.4.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2020-36518 Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework (jackson-databind)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebCenter Portal.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2021-23450 Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework (dojo)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Portal.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2021-23450 Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (dojo)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Sites.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2021-29425 Vulnerability in the Oracle Data Integrator product of Oracle Fusion Middleware (component: Runtime Java agent for ODI (Apache Commons IO)). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Data Integrator. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Data Integrator accessible data as well as unauthorized read access to a subset of Oracle Data Integrator accessible data.

CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2021-29425 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (Commons IO)). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data.

CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2021-34429 Vulnerability in the Oracle Data Integrator product of Oracle Fusion Middleware (component: Runtime Java agent for ODI (Eclipse Jetty)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Data Integrator. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Data Integrator accessible data.

CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). ( legend ) [ Advisory ]
CVE-2021-3537 Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (libxml2)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle HTTP Server.

CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2021-36090 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web ADF Integration (Apache Commons Compress)). The supported version that is affected is 5.9.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2021-40690 Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: Web Server (Apache CXF)). Supported versions that are affected are 5.9.0.0 and 6.4.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher accessible data.

CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2021-40690 Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework (Apache Santuario XML Security For Java)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Portal accessible data.

CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2021-41184 Vulnerability in the Oracle MapViewer product of Oracle Fusion Middleware (component: Oracle Maps (jQueryUI)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle MapViewer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle MapViewer, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle MapViewer accessible data as well as unauthorized read access to a subset of Oracle MapViewer accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2021-43859 Vulnerability in the Oracle Business Activity Monitoring (Oracle BAM) product of Oracle Fusion Middleware (component: General (XStream)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Activity Monitoring (Oracle BAM). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Activity Monitoring (Oracle BAM).

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2021-43859 Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework (XStream)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebCenter Portal.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2021-43859 Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites (XStream)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebCenter Sites.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-21590 Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Core Formatting API). Supported versions that are affected are 5.9.0.0, 6.4.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data as well as unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle BI Publisher.

CVSS 3.1 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L). ( legend ) [ Advisory ]
CVE-2022-21593 Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: OHS Config MBeans). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle HTTP Server accessible data as well as unauthorized update, insert or delete access to some of Oracle HTTP Server accessible data.

CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N). ( legend ) [ Advisory ]
CVE-2022-21609 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Server). The supported version that is affected is 5.9.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data.

CVSS 3.1 Base Score 5.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2022-21612 Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: Dashboard). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Data Quality. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Enterprise Data Quality accessible data as well as unauthorized access to critical data or complete access to all Oracle Enterprise Data Quality accessible data.

CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). ( legend ) [ Advisory ]
CVE-2022-21613 Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: Dashboard). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Data Quality. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Data Quality, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Data Quality accessible data as well as unauthorized update, insert or delete access to some of Oracle Enterprise Data Quality accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Data Quality.

CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L). ( legend ) [ Advisory ]
CVE-2022-21614 Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: Dashboard). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Data Quality. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Data Quality accessible data.

CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2022-21615 Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: Dashboard). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Data Quality. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Data Quality, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Data Quality accessible data.

CVSS 3.1 Base Score 7.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2022-21616 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle WebLogic Server executes to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server as well as unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data and unauthorized read access to a subset of Oracle WebLogic Server accessible data.

CVSS 3.1 Base Score 5.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H). ( legend ) [ Advisory ]
CVE-2022-21622 Vulnerability in the Oracle SOA Suite product of Oracle Fusion Middleware (component: Adapters). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SOA Suite. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle SOA Suite accessible data.

CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ]
CVE-2022-22968 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples (Spring Framework)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data.

CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). ( legend ) [ Advisory ]
CVE-2022-22971 Vulnerability in the Oracle Data Integrator product of Oracle Fusion Middleware (component: Runtime Java agent for ODI (Spring Framework)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Data Integrator. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Data Integrator.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-22971 Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Thirdparty Patch (Spring Framework)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Middleware Common Libraries and Tools.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-22971 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (Spring Framework)). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-23305 Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Third Party Patch (Apache Log4j)). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in takeover of Oracle Middleware Common Libraries and Tools.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-23305 Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Web Content Management (Apache Log4j)). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Content.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-23437 Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework (Apache Xerces-J)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebCenter Portal.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-23437 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (Apache Xerces-J)). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-23943 Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (Apache HTTP Server)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in takeover of Oracle HTTP Server.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-24729 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Server (CKEditor)). Supported versions that are affected are 5.9.0.0 and 6.4.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Business Intelligence Enterprise Edition.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-24729 Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework (CKEditor)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebCenter Portal.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-24729 Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites (CKEditor)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebCenter Sites.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-24823 Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Configuration and Parsing (Netty)). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Coherence executes to compromise Oracle Coherence. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Coherence accessible data.

CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2022-24823 Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework (Netty)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle WebCenter Portal executes to compromise Oracle WebCenter Portal. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Portal accessible data.

CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2022-25315 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters (LibExpat)). The supported version that is affected is 8.5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in takeover of Oracle Outside In Technology.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-25647 Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Security (Google Gson)). Supported versions that are affected are 5.9.0.0, 6.4.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle BI Publisher.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-25647 Vulnerability in the Oracle Data Integrator product of Oracle Fusion Middleware (component: Runtime Java agent for ODI (Google Gson)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Data Integrator. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Data Integrator.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-25647 Vulnerability in the Oracle Middleware Common Libraries and Tools product of Oracle Fusion Middleware (component: Thirdparty Patch (Google Gson)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Middleware Common Libraries and Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Middleware Common Libraries and Tools.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-30126 Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework (Apache Tika)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle WebCenter Portal executes to compromise Oracle WebCenter Portal. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebCenter Portal.

CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-32532 Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites (Apache Shiro)). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Sites.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-33980 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: BI Application Archive (Apache Commons Configuration)). Supported versions that are affected are 5.9.0.0 and 6.4.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-39405 Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Access Manager accessible data.

CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). ( legend ) [ Advisory ]
CVE-2022-39412 Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Admin Console). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Access Manager accessible data.

CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle HealthCare Applications

This table provides the text form of the Risk Matrix for Oracle HealthCare Applications.

CVE# Description
CVE-2020-36518 Vulnerability in the Oracle Healthcare Translational Research product of Oracle HealthCare Applications (component: Data Studio (jackson-databind)). The supported version that is affected is 4.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Healthcare Translational Research. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Healthcare Translational Research.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-22971 Vulnerability in the Oracle Healthcare Master Person Index product of Oracle HealthCare Applications (component: Master Index (Spring Framework)). Supported versions that are affected are 5.0.0-5.0.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Healthcare Master Person Index. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Healthcare Master Person Index.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-25647 Vulnerability in the Oracle Healthcare Data Repository product of Oracle HealthCare Applications (component: Install (Google Gson)). Supported versions that are affected are 8.1.1, 8.1.2 and 8.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Healthcare Data Repository. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Healthcare Data Repository.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-25647 Vulnerability in the Oracle Healthcare Master Person Index product of Oracle HealthCare Applications (component: Master Index (Google Gson)). Supported versions that are affected are 5.0.0-5.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Healthcare Master Person Index. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Healthcare Master Person Index.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-33980 Vulnerability in the Oracle Healthcare Foundation product of Oracle HealthCare Applications (component: Upload Service (Apache Commons Configuration)). Supported versions that are affected are 8.1 and 8.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Healthcare Foundation. Successful attacks of this vulnerability can result in takeover of Oracle Healthcare Foundation.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Hospitality Applications

This table provides the text form of the Risk Matrix for Oracle Hospitality Applications.

CVE# Description
CVE-2021-36483 Vulnerability in the Oracle Hospitality Cruise Fleet Management System product of Oracle Hospitality Applications (component: FMS Suite (DevExpress)). The supported version that is affected is 9.1.5. Easily exploitable vulnerability allows low privileged attacker with network access via TCP to compromise Oracle Hospitality Cruise Fleet Management System. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Cruise Fleet Management System.

CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-22971 Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System product of Oracle Hospitality Applications (component: Next-Gen SPMS (Spring Boot)). The supported version that is affected is 20.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Cruise Shipboard Property Management System. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hospitality Cruise Shipboard Property Management System.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-31129 Vulnerability in the Oracle Hospitality Suite8 product of Oracle Hospitality Applications (component: Webconnect (Moment.js)). Supported versions that are affected are 8.10.2, 8.11.0, 8.12.0, 8.13.0 and 8.14.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hospitality Suite8.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-34305 Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System product of Oracle Hospitality Applications (component: Next-Gen SPMS (Apache Tomcat)). The supported version that is affected is 20.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Cruise Shipboard Property Management System. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Cruise Shipboard Property Management System, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Shipboard Property Management System accessible data as well as unauthorized read access to a subset of Oracle Hospitality Cruise Shipboard Property Management System accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Hyperion

This table provides the text form of the Risk Matrix for Oracle Hyperion.

CVE# Description
CVE-2022-33980 Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component: Installation and Configuration (Apache Commons Configuration)). The supported version that is affected is 11.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hyperion Infrastructure Technology. Successful attacks of this vulnerability can result in takeover of Oracle Hyperion Infrastructure Technology.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Insurance Applications

This table provides the text form of the Risk Matrix for Oracle Insurance Applications.

CVE# Description
CVE-2019-12415 Vulnerability in the Oracle Insurance Insbridge Rating and Underwriting product of Oracle Insurance Applications (component: Framework Administrator IBFA (Apache POI)). Supported versions that are affected are 5.2.0 and 5.4.0-5.6.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Insurance Insbridge Rating and Underwriting executes to compromise Oracle Insurance Insbridge Rating and Underwriting. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Insurance Insbridge Rating and Underwriting accessible data.

CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2020-36518 Vulnerability in the Oracle Documaker Enterprise Edition product of Oracle Insurance Applications (component: Development Tools (jackson-databind)). Supported versions that are affected are 12.6-12.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Documaker Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Documaker Enterprise Edition.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2021-29425 Vulnerability in the Oracle Insurance Insbridge Rating and Underwriting product of Oracle Insurance Applications (component: Framework Administrator IBFA (Apache Commons IO)). Supported versions that are affected are 5.2.0 and 5.4.0-5.6.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Insurance Insbridge Rating and Underwriting. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Insurance Insbridge Rating and Underwriting accessible data as well as unauthorized read access to a subset of Oracle Insurance Insbridge Rating and Underwriting accessible data.

CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2022-22971 Vulnerability in the Oracle Documaker Enterprise Edition product of Oracle Insurance Applications (component: Interactive Docupresentment Server (Spring Framework)). Supported versions that are affected are 12.6-12.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Documaker Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Documaker Enterprise Edition.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-25647 Vulnerability in the Oracle Documaker Enterprise Edition product of Oracle Insurance Applications (component: Development Tools (Google Gson)). Supported versions that are affected are 12.6-12.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Documaker Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Documaker Enterprise Edition.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Java SE

This table provides the text form of the Risk Matrix for Oracle Java SE.

CVE# Description
CVE-2022-21597 Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaScript). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM Enterprise Edition accessible data.

CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). ( legend ) [ Advisory ]
CVE-2022-21618 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.

Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs.

CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). ( legend ) [ Advisory ]
CVE-2022-21619 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.

Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs.

CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). ( legend ) [ Advisory ]
CVE-2022-21624 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.

Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs.

CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). ( legend ) [ Advisory ]
CVE-2022-21626 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.

Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs.

CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). ( legend ) [ Advisory ]
CVE-2022-21628 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.

Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).

CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). ( legend ) [ Advisory ]
CVE-2022-21634 Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: LLVM Interpreter). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GraalVM Enterprise Edition.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-32215 Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Node (Node.js)). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle GraalVM Enterprise Edition accessible data.

CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). ( legend ) [ Advisory ]
CVE-2022-39399 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.

Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).

CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle JD Edwards

This table provides the text form of the Risk Matrix for Oracle JD Edwards.

CVE# Description
CVE-2020-36518 Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security (jackson-databind)). Supported versions that are affected are 9.2.6.4 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Orchestrator.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2020-36518 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics SEC (jackson-databind)). Supported versions that are affected are 9.2.6.4 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2020-36518 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC (jackson-databind)). Supported versions that are affected are 9.2.6.4 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2021-43527 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure SEC (NSS)). Supported versions that are affected are 9.2.6.3 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-1292 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure SEC (OpenSSL)). Supported versions that are affected are 9.2.6.3 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-21629 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are 9.2.6.4 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data.

CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2022-21630 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are 9.2.6.4 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2022-21631 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Design Tools SEC). Supported versions that are affected are 9.2.6.4 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2022-23437 Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security (Apache Xerces-J)). Supported versions that are affected are 9.2.6.2 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Orchestrator.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-23437 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Interoperability SEC (Apache Xerces-J)). Supported versions that are affected are 9.2.6.3 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle MySQL

This table provides the text form of the Risk Matrix for Oracle MySQL.

CVE# Description
CVE-2022-2097 Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/C++ (OpenSSL)). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Connectors accessible data.

CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). ( legend ) [ Advisory ]
CVE-2022-2097 Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC (OpenSSL)). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Connectors accessible data.

CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). ( legend ) [ Advisory ]
CVE-2022-2097 Vulnerability in the MySQL Enterprise Backup product of Oracle MySQL (component: Enterprise Backup (OpenSSL)). Supported versions that are affected are 4.1.4 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise Backup. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Enterprise Backup accessible data.

CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). ( legend ) [ Advisory ]
CVE-2022-2097 Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (OpenSSL)). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Enterprise Monitor accessible data.

CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). ( legend ) [ Advisory ]
CVE-2022-2097 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (OpenSSL)). Supported versions that are affected are 5.7.39 and prior and 8.0.30 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data.

CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). ( legend ) [ Advisory ]
CVE-2022-2097 Vulnerability in the MySQL Workbench product of Oracle MySQL (component: Workbench (OpenSSL)). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via MySQL Workbench to compromise MySQL Workbench. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Workbench accessible data.

CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). ( legend ) [ Advisory ]
CVE-2022-21589 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.39 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data.

CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). ( legend ) [ Advisory ]
CVE-2022-21592 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.7.39 and prior and 8.0.29 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data.

CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). ( legend ) [ Advisory ]
CVE-2022-21594 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-21595 Vulnerability in the MySQL Server product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-21599 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-21600 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server.

CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-21604 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-21605 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-21607 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-21608 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.39 and prior and 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-21611 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.30 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-21617 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 5.7.39 and prior and 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-21625 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-21632 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-21633 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-21635 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-21637 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-21638 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-21640 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-21641 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-29824 Vulnerability in the MySQL Workbench product of Oracle MySQL (component: Workbench (libxml2)). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via MySQL Workbench to compromise MySQL Workbench. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Workbench.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-31129 Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (Moment.js)). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Enterprise Monitor.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-32207 Vulnerability in the MySQL Enterprise Backup product of Oracle MySQL (component: Enterprise Backup: Security (cURL)). Supported versions that are affected are 4.1.4 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise Backup. Successful attacks of this vulnerability can result in takeover of MySQL Enterprise Backup.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-34305 Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (Apache Tomcat)). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Enterprise Monitor, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Enterprise Monitor accessible data as well as unauthorized read access to a subset of MySQL Enterprise Monitor accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2022-35737 Vulnerability in the MySQL Workbench product of Oracle MySQL (component: Workbench (SQLite)). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via MySQL Workbench to compromise MySQL Workbench. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Workbench.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-39400 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-39402 Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Shell executes to compromise MySQL Shell. While the vulnerability is in MySQL Shell, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Shell accessible data.

CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N). ( legend ) [ Advisory ]
CVE-2022-39403 Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Shell executes to compromise MySQL Shell. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Shell accessible data as well as unauthorized read access to a subset of MySQL Shell accessible data.

CVSS 3.1 Base Score 3.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2022-39404 Vulnerability in the MySQL Installer product of Oracle MySQL (component: Installer: General). Supported versions that are affected are 1.6.3 and prior. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Installer executes to compromise MySQL Installer. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Installer accessible data as well as unauthorized read access to a subset of MySQL Installer accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Installer.

CVSS 3.1 Base Score 4.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L). ( legend ) [ Advisory ]
CVE-2022-39408 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-39410 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle PeopleSoft

This table provides the text form of the Risk Matrix for Oracle PeopleSoft.

CVE# Description
CVE-2021-22144 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search (Grok Parser)). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-2097 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security (OpenSSL)). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data.

CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). ( legend ) [ Advisory ]
CVE-2022-21602 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data.

CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). ( legend ) [ Advisory ]
CVE-2022-21639 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search Integration). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2022-24823 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search (Netty)). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data.

CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2022-25647 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search (Google Gson)). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-39406 Vulnerability in the PeopleSoft Enterprise Common Components product of Oracle PeopleSoft (component: Approval Framework). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise Common Components. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise Common Components accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise Common Components accessible data.

CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). ( legend ) [ Advisory ]
CVE-2022-39407 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security). Supported versions that are affected are 8.58, 8.59 and 8.60. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data.

CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Retail Applications

This table provides the text form of the Risk Matrix for Oracle Retail Applications.

CVE# Description
CVE-2020-36518 Vulnerability in the Oracle Retail Merchandising System product of Oracle Retail Applications (component: Foundation (jackson-databind)). The supported version that is affected is 15.0.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Merchandising System. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Merchandising System.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2020-36518 Vulnerability in the Oracle Retail Service Backbone product of Oracle Retail Applications (component: RSB Installation (jackson-databind)). Supported versions that are affected are 14.1.3.2, 15.0.3.1 and 16.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Service Backbone. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Service Backbone.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2020-6950 Vulnerability in the Oracle Retail Customer Insights product of Oracle Retail Applications (component: Other (Eclipse Mojarra)). Supported versions that are affected are 15.0.2 and 16.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Customer Insights. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Customer Insights accessible data.

CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2021-28490 Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Segment (OWASP CSRFGuard)). Supported versions that are affected are 18.0 and 19.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Retail Customer Management and Segmentation Foundation.

CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2021-29425 Vulnerability in the Oracle Retail Customer Insights product of Oracle Retail Applications (component: Other (Apache Commons IO)). Supported versions that are affected are 15.02 and 16.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Customer Insights. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Customer Insights accessible data as well as unauthorized read access to a subset of Oracle Retail Customer Insights accessible data.

CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2021-36374 Vulnerability in the Oracle Retail Merchandising System product of Oracle Retail Applications (component: Installation (Apache Ant)). The supported version that is affected is 14.1.3.2. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Retail Merchandising System executes to compromise Oracle Retail Merchandising System. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Merchandising System.

CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2021-36374 Vulnerability in the Oracle Retail Sales Audit product of Oracle Retail Applications (component: others (Apache Ant)). The supported version that is affected is 19.0.1. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Retail Sales Audit executes to compromise Oracle Retail Sales Audit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Sales Audit.

CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2021-41184 Vulnerability in the Oracle Retail Back Office product of Oracle Retail Applications (component: Security (jQueryUI)). The supported version that is affected is 14.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Back Office. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Back Office, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Back Office accessible data as well as unauthorized read access to a subset of Oracle Retail Back Office accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2021-41184 Vulnerability in the Oracle Retail Central Office product of Oracle Retail Applications (component: Security (jQueryUI)). The supported version that is affected is 14.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Central Office. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Central Office, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Central Office accessible data as well as unauthorized read access to a subset of Oracle Retail Central Office accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2021-41184 Vulnerability in the Oracle Retail Returns Management product of Oracle Retail Applications (component: Security (jQueryUI)). The supported version that is affected is 14.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Returns Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Returns Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Returns Management accessible data as well as unauthorized read access to a subset of Oracle Retail Returns Management accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2021-43859 Vulnerability in the Oracle Retail Customer Insights product of Oracle Retail Applications (component: Other (XStream)). Supported versions that are affected are 15.0.2 and 16.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Customer Insights. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Customer Insights.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-2048 Vulnerability in the Oracle Retail EFTLink product of Oracle Retail Applications (component: Other (Eclipse Jetty)). Supported versions that are affected are 20.0.1 and 21.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail EFTLink. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail EFTLink.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-22971 Vulnerability in the Oracle Retail Assortment Planning product of Oracle Retail Applications (component: Application Core (Spring Framework)). The supported version that is affected is 16.0.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Assortment Planning. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Assortment Planning.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-22971 Vulnerability in the Oracle Retail Customer Insights product of Oracle Retail Applications (component: Other (Spring Framework)). Supported versions that are affected are 15.0.2 and 16.0.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Customer Insights. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Customer Insights.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-22971 Vulnerability in the Oracle Retail Merchandising System product of Oracle Retail Applications (component: Foundation (Spring Framework)). The supported version that is affected is 19.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Merchandising System. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Merchandising System.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-22971 Vulnerability in the Oracle Retail Predictive Application Server product of Oracle Retail Applications (component: RPAS Server (Spring Framework)). Supported versions that are affected are 14.1.3.47, 15.0.3.116 and 16.0.3.260. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Predictive Application Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Predictive Application Server.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-23305 Vulnerability in the Oracle Retail Fiscal Management product of Oracle Retail Applications (component: Others (Apache Log4j)). The supported version that is affected is 14.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Fiscal Management. Successful attacks of this vulnerability can result in takeover of Oracle Retail Fiscal Management.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-23437 Vulnerability in the Oracle Retail Back Office product of Oracle Retail Applications (component: Security (Apache Xerces-J)). The supported version that is affected is 14.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Back Office. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Back Office.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-23437 Vulnerability in the Oracle Retail Central Office product of Oracle Retail Applications (component: Security (Apache Xerces-J)). The supported version that is affected is 14.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Central Office. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Central Office.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-23437 Vulnerability in the Oracle Retail Fiscal Management product of Oracle Retail Applications (component: OTHERS (Apache Xerces-J)). The supported version that is affected is 14.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Fiscal Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Fiscal Management.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-23437 Vulnerability in the Oracle Retail Point Of Service product of Oracle Retail Applications (component: Security (Apache Xerces-J)). The supported version that is affected is 14.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Point Of Service. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Point Of Service.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-23437 Vulnerability in the Oracle Retail Returns Management product of Oracle Retail Applications (component: Security (Apache Xerces-J)). The supported version that is affected is 14.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Returns Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Returns Management.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-25647 Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Security (Google Gson)). Supported versions that are affected are 17.0, 18.0 and 19.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail Customer Management and Segmentation Foundation.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-25647 Vulnerability in the Oracle Retail EFTLink product of Oracle Retail Applications (component: Installation (Google Gson)). Supported versions that are affected are 20.0.1 and 21.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail EFTLink. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Retail EFTLink.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-29577 Vulnerability in the Oracle Retail Back Office product of Oracle Retail Applications (component: Security (AntiSamy)). The supported version that is affected is 14.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Back Office. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Back Office, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Back Office accessible data as well as unauthorized read access to a subset of Oracle Retail Back Office accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2022-29577 Vulnerability in the Oracle Retail Central Office product of Oracle Retail Applications (component: Security (AntiSamy)). The supported version that is affected is 14.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Central Office. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Central Office, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Central Office accessible data as well as unauthorized read access to a subset of Oracle Retail Central Office accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2022-29577 Vulnerability in the Oracle Retail Returns Management product of Oracle Retail Applications (component: Security (AntiSamy)). The supported version that is affected is 14.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Returns Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Returns Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Returns Management accessible data as well as unauthorized read access to a subset of Oracle Retail Returns Management accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Siebel CRM

This table provides the text form of the Risk Matrix for Oracle Siebel CRM.
 

CVE# Description
CVE-2018-5158 Vulnerability in the Siebel Industry - Life Sciences product of Oracle Siebel CRM (component: eDetailing (PDF Viewer)). Supported versions that are affected are 22.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Industry - Life Sciences. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Siebel Industry - Life Sciences.

CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2020-16856 Vulnerability in the Siebel Engineering - Rel Eng product of Oracle Siebel CRM (component: Build System (Visual Studio)). Supported versions that are affected are 22.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Siebel Engineering - Rel Eng executes to compromise Siebel Engineering - Rel Eng. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Siebel Engineering - Rel Eng.

CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2020-36518 Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: EAI (jackson-databind)). Supported versions that are affected are 22.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel UI Framework.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2021-23926 Vulnerability in the Siebel Apps - Marketing product of Oracle Siebel CRM (component: Marketing (XMLBeans)). Supported versions that are affected are 22.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Apps - Marketing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Siebel Apps - Marketing accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel Apps - Marketing.

CVSS 3.1 Base Score 9.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H). ( legend ) [ Advisory ]
CVE-2021-29425 Vulnerability in the Siebel Apps - Marketing product of Oracle Siebel CRM (component: Marketing (Apache Commons IO)). Supported versions that are affected are 22.8 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Apps - Marketing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Siebel Apps - Marketing accessible data as well as unauthorized read access to a subset of Siebel Apps - Marketing accessible data.

CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2021-30639 Vulnerability in the Siebel Apps - Marketing product of Oracle Siebel CRM (component: Marketing (Apache Tomcat)). Supported versions that are affected are 22.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Apps - Marketing. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel Apps - Marketing.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2021-41182 Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: Open UI (jQueryUI)). Supported versions that are affected are 22.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel UI Framework, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Siebel UI Framework accessible data as well as unauthorized read access to a subset of Siebel UI Framework accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2022-21598 Vulnerability in the Siebel Core - DB Deployment and Configuration product of Oracle Siebel CRM (component: Repository Utilities). Supported versions that are affected are 22.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Core - DB Deployment and Configuration. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Siebel Core - DB Deployment and Configuration accessible data.

CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ]
CVE-2022-22971 Vulnerability in the Siebel Engineering - Installer and Deployment product of Oracle Siebel CRM (component: Siebel Approval Manager (Spring Framework)). Supported versions that are affected are 22.8 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel Engineering - Installer and Deployment. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel Engineering - Installer and Deployment.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-24729 Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: Open UI (CKEditor)). Supported versions that are affected are 22.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel UI Framework.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-24785 Vulnerability in the Siebel Core - Common Components product of Oracle Siebel CRM (component: Calendar (Moment.js)). Supported versions that are affected are 22.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Core - Common Components. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Siebel Core - Common Components accessible data.

CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). ( legend ) [ Advisory ]
CVE-2022-25647 Vulnerability in the Siebel Core - Automation product of Oracle Siebel CRM (component: Keyword Automation (Google Gson)). Supported versions that are affected are 22.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Core - Automation. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel Core - Automation.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-25647 Vulnerability in the Siebel Core - Common Components product of Oracle Siebel CRM (component: DISA (Google Gson)). Supported versions that are affected are 22.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Core - Common Components. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Siebel Core - Common Components.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-34305 Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: EAI (Apache Tomcat)). Supported versions that are affected are 22.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel UI Framework, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Siebel UI Framework accessible data as well as unauthorized read access to a subset of Siebel UI Framework accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Supply Chain

This table provides the text form of the Risk Matrix for Oracle Supply Chain.
 

CVE# Description
CVE-2020-36518 Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: WebClient (jackson-databind)). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Agile PLM.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2020-36518 Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (component: AutoVue Client and Server (jackson-databind)). The supported version that is affected is 21.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle AutoVue. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle AutoVue.

Note: This vulnerability applies to Oracle AutoVue Office, Oracle AutoVue 2D Professional, Oracle AutoVue 3D Professional Advanced, Oracle AutoVue EDA Professional and Oracle AutoVue Electro-Mechanical Professional. Please refer to the Patch Availability Document for more details.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2020-36518 Vulnerability in the Oracle Autovue for Agile Product Lifecycle Management product of Oracle Supply Chain (component: Autovue Client (jackson-databind)). The supported version that is affected is 21.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Autovue for Agile Product Lifecycle Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Autovue for Agile Product Lifecycle Management.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-2048 Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (component: Web General (Eclipse Jetty)). The supported version that is affected is 21.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle AutoVue. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle AutoVue.

Note: This vulnerability applies to Oracle AutoVue Office, Oracle AutoVue 2D Professional, Oracle AutoVue 3D Professional Advanced, Oracle AutoVue EDA Professional and Oracle AutoVue Electro-Mechanical Professional. Please refer to the Patch Availability Document for more details.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-2048 Vulnerability in the Oracle Autovue for Agile Product Lifecycle Management product of Oracle Supply Chain (component: Autovue Client (Eclipse Jetty)). The supported version that is affected is 21.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Autovue for Agile Product Lifecycle Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Autovue for Agile Product Lifecycle Management.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-21591 Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: UI Infrastructure). Supported versions that are affected are 6.4.3 and 6.5.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Transportation Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Transportation Management.

CVSS 3.1 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L). ( legend ) [ Advisory ]
CVE-2022-23305 Vulnerability in the Oracle Agile Engineering Data Management product of Oracle Supply Chain (component: Installation Issues (Apache Log4j)). The supported version that is affected is 6.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile Engineering Data Management. Successful attacks of this vulnerability can result in takeover of Oracle Agile Engineering Data Management.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-23437 Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: XML Parser (Apache Xerces-J)). Supported versions that are affected are 6.4.3 and 6.5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Transportation Management.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-24729 Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: WebClient (CKEditor)). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Agile PLM.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-29885 Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Folders, Files & Attachments (Apache Tomcat)). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Agile PLM.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-39409 Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: Business Process Automation). Supported versions that are affected are 6.4.3 and 6.5.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Transportation Management.

CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L). ( legend ) [ Advisory ]
CVE-2022-39411 Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: Business Process Automation). Supported versions that are affected are 6.4.3 and 6.5.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Transportation Management accessible data.

CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2022-39420 Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: Data, Functional Security). Supported versions that are affected are 6.4.3 and 6.5.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Transportation Management accessible data as well as unauthorized read access to a subset of Oracle Transportation Management accessible data.

CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Systems

This table provides the text form of the Risk Matrix for Oracle Systems.
 

CVE# Description
CVE-2020-36518 Vulnerability in the Oracle Solaris Cluster product of Oracle Systems (component: Tools (jackson-databind)). The supported version that is affected is 4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Solaris Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris Cluster.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2021-40690 Vulnerability in the Oracle Solaris Cluster product of Oracle Systems (component: Tools (Apache XML Security For Java)). The supported version that is affected is 4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Solaris Cluster. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Solaris Cluster accessible data.

CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2021-44832 Vulnerability in the Oracle Solaris Cluster product of Oracle Systems (component: Tools (Apache Log4j)). The supported version that is affected is 4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Solaris Cluster. Successful attacks of this vulnerability can result in takeover of Oracle Solaris Cluster.

CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-21610 Vulnerability in the Oracle Solaris product of Oracle Systems (component: LDoms). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris.

CVSS 3.1 Base Score 3.3 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L). ( legend ) [ Advisory ]
CVE-2022-23437 Vulnerability in the Oracle Solaris Cluster product of Oracle Systems (component: Tools (Apache Xerces-J)). The supported version that is affected is 4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Solaris Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris Cluster.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-29577 Vulnerability in the Oracle Solaris Cluster product of Oracle Systems (component: Tools (AntiSamy)). The supported version that is affected is 4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Solaris Cluster. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris Cluster, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris Cluster accessible data as well as unauthorized read access to a subset of Oracle Solaris Cluster accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]
CVE-2022-39401 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris.

CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-39417 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris.

CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Utilities Applications

This table provides the text form of the Risk Matrix for Oracle Utilities Applications.
 

CVE# Description
CVE-2022-22971 Vulnerability in the Oracle Utilities Testing Accelerator product of Oracle Utilities Applications (component: Generic (Spring Framework)). Supported versions that are affected are 6.0.0.1.3, 6.0.0.2.4 and 6.0.0.3.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Utilities Testing Accelerator. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Utilities Testing Accelerator.

CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-22978 Vulnerability in the Oracle Utilities Testing Accelerator product of Oracle Utilities Applications (component: Tools (Spring Security)). Supported versions that are affected are 6.0.0.1.3, 6.0.0.2.4 and 6.0.0.3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Testing Accelerator. Successful attacks of this vulnerability can result in takeover of Oracle Utilities Testing Accelerator.

CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-24823 Vulnerability in the Oracle Utilities Testing Accelerator product of Oracle Utilities Applications (component: Tools (Netty)). Supported versions that are affected are 6.0.0.1.3, 6.0.0.2.4 and 6.0.0.3.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Utilities Testing Accelerator executes to compromise Oracle Utilities Testing Accelerator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Utilities Testing Accelerator accessible data.

CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2022-25647 Vulnerability in the Oracle Utilities Testing Accelerator product of Oracle Utilities Applications (component: Tools (Google Gson)). Supported versions that are affected are 6.0.0.1.3, 6.0.0.2.4 and 6.0.0.3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Testing Accelerator. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Utilities Testing Accelerator.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-31129 Vulnerability in the Oracle Utilities Testing Accelerator product of Oracle Utilities Applications (component: Tools (Moment.js)). Supported versions that are affected are 6.0.0.1.3 and 6.0.0.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Testing Accelerator. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Utilities Testing Accelerator.

CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-34305 Vulnerability in the Oracle Utilities Testing Accelerator product of Oracle Utilities Applications (component: Tools (Apache Tomcat)). Supported versions that are affected are 6.0.0.1.3, 6.0.0.2.4, 6.0.0.3.3 and 7.0.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Utilities Testing Accelerator. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Utilities Testing Accelerator, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Utilities Testing Accelerator accessible data as well as unauthorized read access to a subset of Oracle Utilities Testing Accelerator accessible data.

CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). ( legend ) [ Advisory ]

Text Form of Risk Matrix for Oracle Virtualization

This table provides the text form of the Risk Matrix for Oracle Virtualization.
 

CVE# Description
CVE-2022-21620 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.40. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox.

CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-21621 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.40. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox.

CVSS 3.1 Base Score 6.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-21627 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.40. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox.

CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). ( legend ) [ Advisory ]
CVE-2022-39421 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.40. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox.

Note: This vulnerability applies to Windows systems only.

CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-39422 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.38. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox.

CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-39423 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.38. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data.

CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). ( legend ) [ Advisory ]
CVE-2022-39424 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.40. Difficult to exploit vulnerability allows unauthenticated attacker with network access via VRDP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox.

CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-39425 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.40. Difficult to exploit vulnerability allows unauthenticated attacker with network access via VRDP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox.

CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-39426 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.40. Difficult to exploit vulnerability allows unauthenticated attacker with network access via VRDP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox.

CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). ( legend ) [ Advisory ]
CVE-2022-39427 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.40. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox.

Note: This vulnerability applies to Windows systems only.

CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). ( legend ) [ Advisory ]