Unauthenticated Access Vulnerability in Oracle Communications Policy Management
CVE-2017-10159

6.1 MEDIUM

Key Information:

Vendor: Oracle
CVE Published: 19 October 2017

Summary

A vulnerability in Oracle Communications Policy Management allows an unauthenticated attacker with network access via HTTP to compromise the system and gain unauthorized access to sensitive data. Successful attacks require human interaction and can result in unauthorized updates, inserts, or deletions of accessible data. Although the vulnerability is in the Policy Management component, it can also have far-reaching consequences for other connected Oracle products. The issue underlines the importance of securing access controls and closely monitoring user interactions.

Affected Version(s)

Communications Policy Management 11.5

Communications Policy Management 12.x

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
