Unauthenticated Access Vulnerability in Oracle Communications Policy Management
CVE-2017-10159
Key Information:
- Vendor
- Oracle
- Vendor
- CVE Published:
- 19 October 2017
Summary
A vulnerability exists in Oracle Communications Policy Management that allows an unauthenticated attacker to gain unauthorized access to sensitive data. By exploiting this weakness, an attacker with network access via HTTP can compromise the system. Such attacks necessitate human interaction, allowing the attacker to execute unauthorized updates, inserts, or deletions of accessible data. In addition to affecting the Policy Management component, this vulnerability can also have far-reaching consequences on other connected Oracle products. This vulnerability emphasizes the importance of securing access controls and ensuring that user interactions are closely monitored.
Affected Version(s)
Communications Policy Management 11.5
Communications Policy Management 12.x
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved