Unauthorized Access Vulnerability in Oracle Communications Operations Monitor
CVE-2022-21402

4.8MEDIUM

Key Information:

Vendor: Oracle
Status: Communications Operations Monitor
Vendor: CVE Published:; 19 January 2022

Summary

The vulnerability in Oracle Communications Operations Monitor affects several versions of the product, allowing high privileged attackers with network access via HTTP to potentially compromise sensitive data. Exploitation requires human interaction from an innocent party, which poses a significant risk as successful attacks can lead to unauthorized updates, inserts, or deletions, as well as unauthorized read access to critical operational data. Therefore, while the vulnerability primarily resides in the Mediation Engine component, its impact can extend to other associated products.

Affected Version(s)

Communications Operations Monitor 3.4

Communications Operations Monitor 4.2

Communications Operations Monitor 4.3

References

https://www.oracle.com/security-alerts/cpujan2022.html

x_refsource_MISC

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 19, 2022
Vulnerability Reserved
Nov 15, 2021