Unauthorized Access Vulnerability in Oracle Enterprise Manager Base Platform
CVE-2022-21536

8.1HIGH

Key Information:

Vendor: Oracle
Status: Enterprise Manager Base Platform
Vendor: CVE Published:; 19 July 2022

Summary

This vulnerability in Oracle's Enterprise Manager Base Platform allows an unauthenticated attacker with network access to exploit the system via HTTP. If successful, the attacker can compromise the integrity and availability of the Enterprise Manager, potentially leading to unauthorized control over the affected environment. Supported versions, specifically 13.4.0.0 and 13.5.0.0, are exposed, emphasizing the importance of monitoring and securing these products to prevent malicious activities.

Affected Version(s)

Enterprise Manager Base Platform 13.4.0.0

Enterprise Manager Base Platform 13.5.0.0

References

https://www.oracle.com/security-alerts/cpujul2022.html

x_refsource_MISC

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 19, 2022
Vulnerability Reserved
Nov 15, 2021