Vulnerability in Mediation Engine of Oracle Communications Operations Monitor
CVE-2022-21403

6.6MEDIUM

Key Information:

Vendor: Oracle
Status: Communications Operations Monitor
Vendor: CVE Published:; 19 January 2022

Summary

A vulnerability exists in the Mediation Engine component of Oracle Communications Operations Monitor, allowing an attacker with high-level privileges and network access via HTTP to exploit the system. This could lead to unauthorized updates, deletions, or insertions of crucial data, as well as unauthorized read access to sensitive subsets of information. The vulnerability also allows an attacker to initiate a partial denial of service, affecting the availability of Oracle Communications Operations Monitor.

Affected Version(s)

Communications Operations Monitor 3.4

Communications Operations Monitor 4.2

Communications Operations Monitor 4.3

References

https://www.oracle.com/security-alerts/cpujan2022.html

x_refsource_MISC

CVSS V3.1

Score:

6.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jan 19, 2022
Vulnerability Reserved
Nov 15, 2021