CVE-2023-21853

Vulnerability in the Oracle Mobile Field Service product of Oracle E-Business Suite (component: Synchronization). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Mobile Field Service. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Mobile Field Service accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.oracle.com/security-alerts/cpujan2023.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:oracle:mobile_field_service:*:*:*:*:*:*:*:*

History

17 Sep 2024, 14:35

Type	Values Removed	Values Added
CWE		CWE-284

Information

Published : 2023-01-18 00:15

Updated : 2024-09-17 14:35

NVD link : CVE-2023-21853

Mitre link : CVE-2023-21853

CVE.ORG link : CVE-2023-21853

JSON object : View

Products Affected

oracle

mobile_field_service

CWE

NVD-CWE-noinfo CWE-284

Improper Access Control

{"id": "CVE-2023-21853", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "secalert_us@oracle.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-01-18T00:15:14.387", "references": [{"url": "https://www.oracle.com/security-alerts/cpujan2023.html", "tags": ["Patch", "Vendor Advisory"], "source": "secalert_us@oracle.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle Mobile Field Service product of Oracle E-Business Suite (component: Synchronization). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Mobile Field Service. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Mobile Field Service accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)."}, {"lang": "es", "value": "Vulnerabilidad en el producto Oracle Mobile Field Service de Oracle E-Business Suite (componente: Sincronizaci\u00f3n). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.12. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa Oracle Mobile Field Service. Los ataques exitosos de esta vulnerabilidad pueden resultar en la creaci\u00f3n, eliminaci\u00f3n o modificaci\u00f3n no autorizada del acceso a datos cr\u00edticos o a todos los datos accesibles de Oracle Mobile Field Service. CVSS 3.1 Puntaje base 7.5 (Impactos en la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)."}], "lastModified": "2024-09-17T14:35:12.700", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:mobile_field_service:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4AB519BA-28E6-471B-8B38-F7A2C6F32832", "versionEndIncluding": "12.2.12", "versionStartIncluding": "12.2.3"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}