Vulnerability in Oracle Commerce Platform - Oracle
CVE-2022-21559

5.5MEDIUM

Key Information:

Vendor: Oracle
Status: Commerce Platform
Vendor: CVE Published:; 19 July 2022

Summary

A vulnerability exists within the Oracle Commerce Platform's Dynamo Application Framework that can be exploited by an attacker with low privileges who has logged onto the infrastructure where the platform operates. This flaw enables the attacker to gain unauthorized access to critical information and potentially all data accessible through the Oracle Commerce Platform. Organizations utilizing affected versions 11.3.0, 11.3.1, or 11.3.2 should take immediate actions to mitigate the risks associated with this vulnerability.

Affected Version(s)

Commerce Platform 11.3.0

Commerce Platform 11.3.1

Commerce Platform 11.3.2

References

https://www.oracle.com/security-alerts/cpujul2022.html

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 19, 2022
Vulnerability Reserved
Nov 15, 2021