CVE-2023-21894

Vulnerability in the Oracle Global Lifecycle Management NextGen OUI Framework product of Oracle Fusion Middleware (component: NextGen Installer issues). Supported versions that are affected are Prior to 13.9.4.2.11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Global Lifecycle Management NextGen OUI Framework executes to compromise Oracle Global Lifecycle Management NextGen OUI Framework. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Global Lifecycle Management NextGen OUI Framework. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).

CVSS v3 7.3 HIGH

7.3^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.3 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.oracle.com/security-alerts/cpujan2023.html	Patch Vendor Advisory
https://www.oracle.com/security-alerts/cpujan2023.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:43

Type	Values Removed	Values Added
References	~~() https://www.oracle.com/security-alerts/cpujan2023.html - Patch, Vendor Advisory~~	() https://www.oracle.com/security-alerts/cpujan2023.html - Patch, Vendor Advisory

17 Sep 2024, 02:35

Type	Values Removed	Values Added
CWE		CWE-284

Information

Published : 2023-01-18 00:15

Updated : 2024-11-21 07:43

NVD link : CVE-2023-21894

Mitre link : CVE-2023-21894

CVE.ORG link : CVE-2023-21894

JSON object : View

Products Affected

oracle

global_lifecycle_management_nextgen_oui_framework

CWE

NVD-CWE-noinfo CWE-284

Improper Access Control

{"id": "CVE-2023-21894", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert_us@oracle.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.3}]}, "published": "2023-01-18T00:15:17.127", "references": [{"url": "https://www.oracle.com/security-alerts/cpujan2023.html", "tags": ["Patch", "Vendor Advisory"], "source": "secalert_us@oracle.com"}, {"url": "https://www.oracle.com/security-alerts/cpujan2023.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle Global Lifecycle Management NextGen OUI Framework product of Oracle Fusion Middleware (component: NextGen Installer issues). Supported versions that are affected are Prior to 13.9.4.2.11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Global Lifecycle Management NextGen OUI Framework executes to compromise Oracle Global Lifecycle Management NextGen OUI Framework. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Global Lifecycle Management NextGen OUI Framework. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)."}, {"lang": "es", "value": "Vulnerabilidad en el producto Oracle Global Lifecycle Management NextGen OUI Framework de Oracle Fusion Middleware (componente: problemas del instalador NextGen). Las versiones compatibles que se ven afectadas son anteriores a 13.9.4.2.11. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con pocos privilegios iniciar sesi\u00f3n en la infraestructura donde se ejecuta Oracle Global Lifecycle Management NextGen OUI Framework para comprometer Oracle Global Lifecycle Management NextGen OUI Framework. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante. Los ataques exitosos a esta vulnerabilidad pueden resultar en la adquisici\u00f3n de Oracle Global Lifecycle Management NextGen OUI Framework. CVSS 3.1 Puntuaci\u00f3n base 7.3 (impactos en la confidencialidad, la integridad y la disponibilidad). Vector CVSS: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)."}], "lastModified": "2024-11-21T07:43:51.727", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9704ED03-C246-4F3C-89F3-8FC7876A1080", "versionEndExcluding": "13.9.4.2.11"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}