CVE-2023-21824
Published Jan 18, 2023
Last updated 2 years ago
Overview
- Description
- Vulnerability in the Oracle Communications BRM - Elastic Charging Engine product of Oracle Communications Applications (component: Customer, Config, Pricing Manager). Supported versions that are affected are 12.0.0.3.0-12.0.0.7.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Communications BRM - Elastic Charging Engine executes to compromise Oracle Communications BRM - Elastic Charging Engine. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications BRM - Elastic Charging Engine accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).
- Source
- secalert_us@oracle.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 4.4
- Impact score
- 3.6
- Exploitability score
- 0.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "42B900E7-C5D2-48F7-BAA5-F13AC6978AF8",
"versionEndIncluding": "12.0.0.7.0",
"versionStartIncluding": "12.0.0.3.0"
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "08C91A8B-640D-4516-9E72-F571900B52DA"
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "82091D5D-B9C0-460E-952E-A4E3BFB4369C"
}
],
"operator": "OR"
}
]
}
]