Unauthenticated Access Vulnerability in Oracle Enterprise Data Quality
CVE-2022-21614

7.5HIGH

Key Information:

Vendor: Oracle
Status: Enterprise Data Quality
Vendor: CVE Published:; 18 October 2022

Summary

This vulnerability allows an unauthenticated attacker to gain unauthorized access to sensitive data from the Oracle Enterprise Data Quality product via HTTP. The fault lies in the Dashboard component of Oracle Fusion Middleware, which can be exploited easily by attackers with network access. Successful exploitation may lead to significant data breaches, enabling unauthorized users to compromise the confidentiality of critical data, posing serious risks to organizations that rely on this solution.

Affected Version(s)

Enterprise Data Quality 12.2.1.3.0

Enterprise Data Quality 12.2.1.4.0

References

https://www.oracle.com/security-alerts/cpuoct2022.html

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 18, 2022
Vulnerability Reserved
Nov 15, 2021