Oracle Communications Billing and Revenue Management Vulnerability in Billing Care
CVE-2022-21572

5.4MEDIUM

Key Information:

Vendor: Oracle
Status: Communications Billing And Revenue Management
Vendor: CVE Published:; 19 July 2022

Summary

A vulnerability exists in Oracle Communications Billing and Revenue Management's Billing Care component, affecting versions 12.0.0.4.0 through 12.0.0.6.0. An attacker with minimal privileges and network access via HTTP can exploit this vulnerability, potentially leading to unauthorized modifications or deletions of data. Successful exploitation requires interaction from a user other than the malicious actor, which increases the complexity of attacks. This weakness can also adversely affect other integrated products, highlighting its broader impact beyond the main application.

Affected Version(s)

Communications Billing and Revenue Management 12.0.0.4.0-12.0.0.6.0

References

https://www.oracle.com/security-alerts/cpujul2022.html

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 19, 2022
Vulnerability Reserved
Nov 15, 2021