Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-vwrw-2hr4-p2rx

Опубликовано: 20 янв. 2022
Источник: github
Github: Не прошло ревью

Описание

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: UI Servlet). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Configurator accessible data as well as unauthorized access to critical data or complete access to all Oracle Configurator accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: UI Servlet). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Configurator accessible data as well as unauthorized access to critical data or complete access to all Oracle Configurator accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).

Ссылки

EPSS

Процентиль: 79%
0.01267
Низкий

CVE ID

CVE-2022-21255

Связанные уязвимости

nvd логотип

CVE-2022-21255

CVSS3: 8.1
nvd
около 4 лет назад

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: UI Servlet). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Configurator accessible data as well as unauthorized access to critical data or complete access to all Oracle Configurator accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).

fstec логотип

BDU:2022-01938

CVSS3: 8.1
fstec
около 4 лет назад

Уязвимость компонента UI Servlet приложения Oracle Configurator, позволяющая нарушителю получить доступ на чтение, изменение, добавление или удаление данных

EPSS

Процентиль: 79%
0.01267
Низкий

CVE ID

CVE-2022-21255