CVE-2023-21824

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-21824
Vulnerability in the Oracle Communications BRM - Elastic Charging Engine product of Oracle Communications Applications (component: Customer, Config, Pricing Manager). Supported versions that are affected are 12.0.0.3.0-12.0.0.7.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Communications BRM - Elastic Charging Engine executes to compromise Oracle Communications BRM - Elastic Charging Engine. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications BRM - Elastic Charging Engine accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).

4.4 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.oracle.com/security-alerts/cpujan2023.html Patch Vendor Advisory
https://www.oracle.com/security-alerts/cpujan2023.html Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.3.0:*:*:*:*:*:*:*
History

21 Nov 2024, 07:43

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad en Oracle Communications BRM - Producto Elastic Charging Engine de Oracle Communications Applications (componente: Cliente, Configuración, Pricing Manager). Las versiones compatibles que se ven afectadas son 12.0.0.3.0-12.0.0.7.0. Una vulnerabilidad fácilmente explotable permite a un atacante con altos privilegios iniciar sesión en la infraestructura donde se ejecuta Oracle Communications BRM - Elastic Charging Engine para comprometer Oracle Communications BRM - Elastic Charging Engine. Los ataques exitosos de esta vulnerabilidad pueden resultar en un acceso no autorizado a datos críticos o un acceso completo a todos los datos accesibles de Oracle Communications BRM - Elastic Charging Engine. CVSS 3.1 Puntaje base 4.4 (Impactos en la confidencialidad). Vector CVSS: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).
References () https://www.oracle.com/security-alerts/cpujan2023.html - Patch, Vendor Advisory () https://www.oracle.com/security-alerts/cpujan2023.html - Patch, Vendor Advisory
Information

Published : 2023-01-18 00:15

Updated : 2024-11-21 07:43

NVD link : CVE-2023-21824

Mitre link : CVE-2023-21824

CVE.ORG link : CVE-2023-21824

JSON object : View

Products Affected

oracle

  • communications_cloud_native_core_policy
  • communications_billing_and_revenue_management_elastic_charging_engine
  • communications_cloud_native_core_binding_support_function
CWE
NVD-CWE-noinfo

NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024