Unauthorized Access Vulnerability in Oracle Communications Billing and Revenue Management
CVE-2022-21266

7.5HIGH

Key Information:

Vendor: Oracle
Status: Communications Billing And Revenue Management
Vendor: CVE Published:; 19 January 2022

What is CVE-2022-21266?

A vulnerability exists within Oracle Communications Billing and Revenue Management that allows unauthenticated network access via HTTP. Attackers can exploit this weakness to gain unauthorized access to critical data, potentially compromising the entire system's data integrity. Supported versions affected include 12.0.0.3 and 12.0.0.4, making timely updates essential to secure sensitive information.

Affected Version(s)

Communications Billing and Revenue Management 12.0.0.3

Communications Billing and Revenue Management 12.0.0.4

References

https://www.oracle.com/security-alerts/cpujan2022.html

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 19, 2022
Vulnerability Reserved
Nov 15, 2021