Business Process Automation Vulnerability in Oracle Transportation Management
CVE-2022-39411

4.9MEDIUM

Key Information:

Vendor: Oracle
Status: Transportation Management
Vendor: CVE Published:; 18 October 2022

Summary

This vulnerability in Oracle Transportation Management's Business Process Automation component allows an attacker with high privileges and network access via HTTP to exploit the system easily. Successful exploitation can result in unauthorized access to sensitive data, potentially leading to full control over the data accessible within Oracle Transportation Management.

Affected Version(s)

Transportation Management 6.4.3

Transportation Management 6.5.1

References

https://www.oracle.com/security-alerts/cpuoct2022.html

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 18, 2022
Vulnerability Reserved
Sep 2, 2022