Vulnerability in Oracle Enterprise Session Border Controller WebUI
CVE-2022-21381

6.4MEDIUM

Key Information:

Vendor: Oracle
Status: Enterprise Session Border Controller
Vendor: CVE Published:; 19 January 2022

What is CVE-2022-21381?

A vulnerability exists in the WebUI component of Oracle's Enterprise Session Border Controller, allowing an attacker with low privileges and network access via HTTP to compromise the system. This may lead to unauthorized modifications and access to sensitive data. Although primarily associated with the Oracle Enterprise Session Border Controller, the impact could extend to other interconnected products, resulting in potential confidentiality and integrity risks.

Affected Version(s)

Enterprise Session Border Controller 8.4

Enterprise Session Border Controller 9.0

References

https://www.oracle.com/security-alerts/cpujan2022.html

x_refsource_MISC

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 19, 2022
Vulnerability Reserved
Nov 15, 2021