Authentication Engine Vulnerability in Oracle Fusion Middleware
CVE-2023-21859

4.4MEDIUM

Key Information:

Vendor: Oracle
Status: Access Manager
Vendor: CVE Published:; 18 January 2023

What is CVE-2023-21859?

An easily exploitable vulnerability in the Authentication Engine of Oracle Access Manager within the Oracle Fusion Middleware suite allows attackers with privileged access to compromise the service. Attackers who successfully exploit this vulnerability can gain unauthorized access to sensitive data or full control over all data accessible via Oracle Access Manager. This risk highlights the critical need for organizations using the affected version to implement necessary security measures.

Affected Version(s)

Access Manager 12.2.1.4.0

References

https://www.oracle.com/security-alerts/cpujan2023.html

vendor-advisory

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 18, 2023
Vulnerability Reserved
Dec 17, 2022