// For flags

CVE-2022-21388

 

Severity Score

3.3
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

Vulnerability in the Oracle Communications Pricing Design Center product of Oracle Communications Applications (component: On Premise Install). Supported versions that are affected are 12.0.0.3.0 and 12.0.0.4.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Pricing Design Center executes to compromise Oracle Communications Pricing Design Center. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Pricing Design Center accessible data. CVSS 3.1 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Una vulnerabilidad en el producto Oracle Communications Pricing Design Center de Oracle Communications Applications (componente: On Premise Install). Las versiones compatibles que están afectadas son 12.0.0.3.0 y la 12.0.0.4.0. Una vulnerabilidad explotable fácilmente, permite a un atacante con bajos privilegios que inicie sesión en la infraestructura en la que es ejecutado Oracle Communications Pricing Design Center poner en peligro Oracle Communications Pricing Design Center. Los ataques con éxito de esta vulnerabilidad pueden resultar en un acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Communications Pricing Design Center. CVSS 3.1, Puntuación base 3.3 (impactos en la Confidencialidad). Vector CVSS: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2021-11-15 CVE Reserved
  • 2022-01-19 CVE Published
  • 2023-08-12 EPSS Updated
  • 2024-09-24 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
https://www.oracle.com/security-alerts/cpujan2022.html 2022-01-25
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Oracle
Search vendor "Oracle"
 Communications Pricing Design Center
Search vendor "Oracle" for product "Communications Pricing Design Center"
 12.0.0.3.0
Search vendor "Oracle" for product "Communications Pricing Design Center" and version "12.0.0.3.0"
-
Affected
Oracle
Search vendor "Oracle"
 Communications Pricing Design Center
Search vendor "Oracle" for product "Communications Pricing Design Center"
 12.0.0.4.0
Search vendor "Oracle" for product "Communications Pricing Design Center" and version "12.0.0.4.0"
-
Affected