Lucene search

[email protected]NVD:CVE-2023-21890

HistoryJan 18, 2023 - 12:15 a.m.

CVE-2023-21890

2023-01-1800:15:16

[email protected]

web.nvd.nist.gov

vulnerability

oracle communications

converged application server

unauthenticated attacker

compromise

cvss 3.1

udp

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.7%

JSON

Vulnerability in the Oracle Communications Converged Application Server product of Oracle Communications (component: Core). Supported versions that are affected are 7.1.0 and 8.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via UDP to compromise Oracle Communications Converged Application Server. Successful attacks of this vulnerability can result in takeover of Oracle Communications Converged Application Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Affected configurations

NVD

Node

oraclecommunications_converged_application_serverMatch7.1.0

oraclecommunications_converged_application_serverMatch8.0.0

References

www.oracle.com/security-alerts/cpujan2023.html

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.7%

JSON

Related for NVD:CVE-2023-21890

zdi1 cvelist1 cve1 prion1 oracle1