CVE-2022-39405Improper Access Control in Corporation Access Manager

CWE-284Improper Access Control4 documents4 sources
Severity
5.3MEDIUMNVD
EPSS
1.2%
top 20.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Corporation Access ManagerOracle Access Manager
Timeline
PublishedOct 18
Latest updateOct 19

Description

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Access Manager accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDoracle/access_manager12.2.1.3.0
CVEListV5oracle_corporation/access_manager12.2.1.3.0

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

2
GHSA
GHSA-5pqf-6c8x-wp4f: Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine)2022-10-19
CVEList
CVE-2022-39405: Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine)2022-10-18

📋Vendor Advisories

1
Oracle
Oracle Oracle Fusion Middleware Risk Matrix: Authentication Engine — CVE-2022-394052022-10-15
CVE-2022-39405 — Improper Access Control | cvebase