Lucene search

PRIOn knowledge basePRION:CVE-2023-21824

HistoryJan 18, 2023 - 12:15 a.m.

Design/Logic Flaw

2023-01-1800:15:00

PRIOn knowledge base

www.prio-n.com

oracle communications brm

elastic charging engine

vulnerability

unauthorized access

infrastructure

compromise

data security

4.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.0%

JSON

Vulnerability in the Oracle Communications BRM - Elastic Charging Engine product of Oracle Communications Applications (component: Customer, Config, Pricing Manager). Supported versions that are affected are 12.0.0.3.0-12.0.0.7.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Communications BRM - Elastic Charging Engine executes to compromise Oracle Communications BRM - Elastic Charging Engine. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications BRM - Elastic Charging Engine accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).

CPENameOperatorVersion
communications_billing_and_revenue_management_elastic_charging_enginege12.0.0.3.0
communications_billing_and_revenue_management_elastic_charging_enginele12.0.0.7.0
communications_cloud_native_core_binding_support_functioneq22.3.0
communications_cloud_native_core_policyeq22.3.0

Name	Operator	Version
communications_billing_and_revenue_management_elastic_charging_engine	ge	12.0.0.3.0
communications_billing_and_revenue_management_elastic_charging_engine	le	12.0.0.7.0
communications_cloud_native_core_binding_support_function	eq	22.3.0
communications_cloud_native_core_policy	eq	22.3.0

References

www.oracle.com/security-alerts/cpujan2023.html