Unauthenticated Access Vulnerability in Oracle Access Manager by Oracle
CVE-2022-39412

7.5HIGH

Key Information:

Vendor: Oracle
Status: Access Manager
Vendor: CVE Published:; 18 October 2022

Summary

An unauthenticated access vulnerability exists in the Oracle Access Manager component of Oracle Fusion Middleware, specifically affecting version 12.2.1.4.0. This vulnerability allows attackers with network access through HTTP to exploit the system, potentially gaining unauthorized access to sensitive data. Successful exploitation could result in complete access to all data available in Oracle Access Manager, posing a serious threat to organizational security and data confidentiality.

Affected Version(s)

Access Manager 12.2.1.4.0

References

https://www.oracle.com/security-alerts/cpuoct2022.html

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 18, 2022
Vulnerability Reserved
Sep 2, 2022