Unauthenticated Access Vulnerability in Oracle Enterprise Manager
CVE-2022-21623

7.5HIGH

Key Information:

Vendor: Oracle
Status: Enterprise Manager Base Platform
Vendor: CVE Published:; 18 October 2022

Summary

An unauthenticated access vulnerability exists within the Application Config Console of Oracle's Enterprise Manager Base Platform. This flaw allows attackers with network access via HTTP to exploit it easily, leading to unauthorized creation, deletion, or modification of critical data. These actions can affect all data accessible through the Enterprise Manager Base Platform, posing a significant risk to organizations utilizing these versions.

Affected Version(s)

Enterprise Manager Base Platform 13.4.0.0

Enterprise Manager Base Platform 13.5.0.0

References

https://www.oracle.com/security-alerts/cpuoct2022.html

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 18, 2022
Vulnerability Reserved
Nov 15, 2021