CVE-2023-21848
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Vulnerability in the Oracle Communications Convergence product of Oracle Communications Applications (component: Admin Configuration). The supported version that is affected is 3.0.3.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Convergence. Successful attacks of this vulnerability can result in takeover of Oracle Communications Convergence. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Vulnerabilidad en el producto Oracle Communications Convergence de Oracle Communications Applications (componente: Configuración de administrador). La versión compatible afectada es 3.0.3.1.0. Una vulnerabilidad fácilmente explotable permite a un atacante con pocos privilegios y acceso a la red a través de HTTP comprometer Oracle Communications Convergence. Los ataques exitosos a esta vulnerabilidad pueden resultar en la adquisición de Oracle Communications Convergence. CVSS 3.1 Puntuación base 8,8 (impactos en la confidencialidad, la integridad y la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2022-12-17 CVE Reserved
- 2023-01-17 CVE Published
- 2024-08-09 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-269: Improper Privilege Management
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.oracle.com/security-alerts/cpujan2023.html | 2023-01-24 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Oracle Search vendor "Oracle" | Communications Convergence Search vendor "Oracle" for product "Communications Convergence" | 3.0.3.1.0 Search vendor "Oracle" for product "Communications Convergence" and version "3.0.3.1.0" | - |
Affected
|