Oracle Communications Operations Monitor Vulnerability in Mediation Engine
CVE-2022-21399

6.6MEDIUM

Key Information:

Vendor: Oracle
Status: Communications Operations Monitor
Vendor: CVE Published:; 19 January 2022

Summary

A vulnerability exists in the Oracle Communications Operations Monitor within the Mediation Engine component that allows a highly privileged attacker with network access via HTTP to exploit the system. This vulnerability can lead to unauthorized updates, inserts, or deletions of data stored in the Oracle Communications Operations Monitor, as well as unauthorized read access to sensitive data. In addition, this vulnerability can enable attackers to cause partial denial of service, affecting the overall performance and availability of the system. Successful exploitation of this weakness may significantly impact not only the Oracle Communications Operations Monitor but also adjacent systems relying on its functionalities.

Affected Version(s)

Communications Operations Monitor 3.4

Communications Operations Monitor 4.2

Communications Operations Monitor 4.3

References

https://www.oracle.com/security-alerts/cpujan2022.html

x_refsource_MISC

CVSS V3.1

Score:

6.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jan 19, 2022
Vulnerability Reserved
Nov 15, 2021