CVE-2023-21894

Severity
7.3 HIGH
EPSS
0.3%
top 49.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jan 18
Latest update: Apr 11

Description

Vulnerability in the Oracle Global Lifecycle Management NextGen OUI Framework product of Oracle Fusion Middleware (component: NextGen Installer issues). Supported versions that are affected are Prior to 13.9.4.2.11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Global Lifecycle Management NextGen OUI Framework executes to compromise Oracle Global Lifecycle Management NextGen OUI Framework. Successful attacks require human interactio

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.3 | Impact: 5.9

Patches

🔴 Vulnerability Details

2
GHSA
GHSA-wxhj-ww34-v87f: Vulnerability in the Oracle Global Lifecycle Management NextGen OUI Framework product of Oracle Fusion Middleware (component: NextGen Installer issues | 2023-01-18
CVEList
CVE-2023-21894: Vulnerability in the Oracle Global Lifecycle Management NextGen OUI Framework product of Oracle Fusion Middleware (component: NextGen Installer issues | 2023-01-17

📋 Vendor Advisories

1
Oracle
Oracle Fusion Middleware Risk Matrix: NextGen Installer issues — CVE-2023-21894 | 2023-01-15

🕵️ Threat Intelligence

1
Microsoft
Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign | 2023-04-11