Vulnerability in Oracle Communications Convergence by Oracle
CVE-2022-21338

4.6MEDIUM

Key Information:

Vendor: Oracle
Status: Communications Convergence
Vendor: CVE Published:; 19 January 2022

Summary

A vulnerability exists in Oracle Communications Convergence that allows an attacker with low privileges and network access via HTTP to exploit the system. This vulnerability requires human interaction for successful execution. Once exploited, it can lead to unauthorized updates, deletions, or inserts of data, as well as unauthorized read access to certain data within Oracle Communications Convergence. Users and organizations relying on this product should apply necessary security measures to protect sensitive data from potential unauthorized access.

Affected Version(s)

Communications Convergence 3.0.2.2.0

References

https://www.oracle.com/security-alerts/cpujan2022.html

x_refsource_MISC

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 19, 2022
Vulnerability Reserved
Nov 15, 2021