CVE-2023-22088

4 documents4 sources

Severity

4.3MEDIUM

EPSS

0.1%

top 67.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Corporation Communications Order AND Service Management Oracle Communications Order AND Service Management

Timeline

PublishedOct 17

Latest updateOct 18

Description

Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: User Management). Supported versions that are affected are 7.4.0 and 7.4.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Order and Service …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDoracle/communications_order_and_service_management7.4.0, 7.4.1+1

▶CVEListV5oracle_corporation/communications_order_and_service_management7.4.0, 7.4.1+1

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-mrmx-w3x5-x556: Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: User Management)↗2023-10-18

▶

CVEList

CVE-2023-22088: Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: User Management)↗2023-10-17

▶

📋Vendor Advisories

Oracle

Oracle Oracle Communications Applications Risk Matrix: User Management — CVE-2023-22088↗2023-10-15

▶