Vulnerability in OSS Support Tools by Oracle
CVE-2022-21405

5.5MEDIUM

Key Information:

Vendor: Oracle
Status: Oss Support Tools
Vendor: CVE Published:; 19 April 2022

Summary

A significant vulnerability exists within the OSS Support Tools component of Oracle Support Tools, specifically impacting version 18.3. This flaw allows an attacker with high privileges who can log in to the infrastructure where OSS Support Tools operates to potentially compromise its functionality. The successful exploitation of this vulnerability requires interaction from a separate user, but poses risks that extend beyond the OSS Support Tools itself, affecting interconnected systems. As a result, unauthorized access to critical data or potentially total access to all data managed by OSS Support Tools could occur.

Affected Version(s)

OSS Support Tools 18.3

References

https://www.oracle.com/security-alerts/cpuapr2022.html

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 19, 2022
Vulnerability Reserved
Nov 15, 2021