CVE-2022-21536
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 High
AI Score
Confidence
High
0.005 Low
EPSS
Percentile
76.8%
Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Policy Framework). Supported versions that are affected are 13.4.0.0 and 13.5.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in takeover of Enterprise Manager Base Platform. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| oracle | enterprise_manager_base_platform | * | cpe:2.3:a:oracle:enterprise_manager_base_platform:*:*:*:*:*:*:*:* |
| oracle | enterprise_manager_base_platform | * | cpe:2.3:a:oracle:enterprise_manager_base_platform:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"product": "Enterprise Manager Base Platform",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "13.4.0.0"
},
{
"status": "affected",
"version": "13.5.0.0"
}
]
}
]Social References
More
Related
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 High
AI Score
Confidence
High
0.005 Low
EPSS
Percentile
76.8%