Denial of Service Vulnerability in Oracle Enterprise Session Border Controller
CVE-2022-21383

4.3MEDIUM

Key Information:

Vendor: Oracle
Status: Enterprise Session Border Controller
Vendor: CVE Published:; 19 January 2022

Summary

A vulnerability exists in the Oracle Enterprise Session Border Controller that can be exploited by an attacker having low privileges and network access via HTTP. This flaw enables the attacker to execute certain actions that can lead to a partial denial of service condition on affected versions, namely 8.4 and 9.0. The successful exploitation of this vulnerability poses a risk of disruptions in service availability, potentially impacting the operations reliant on the affected product.

Affected Version(s)

Enterprise Session Border Controller 8.4

Enterprise Session Border Controller 9.0

References

https://www.oracle.com/security-alerts/cpujan2022.html

x_refsource_MISC

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 19, 2022
Vulnerability Reserved
Nov 15, 2021