Network Vulnerability in Oracle Health Sciences InForm Product
CVE-2023-21924

5.9MEDIUM

Key Information:

Vendor: Oracle
Status: Health Sciences Inform
Vendor: CVE Published:; 18 April 2023

What is CVE-2023-21924?

A vulnerability has been identified in the Oracle Health Sciences InForm product, allowing high-privileged attackers with network access via HTTP to compromise the system. This security issue affects versions prior to 6.3.1.3 and 7.0.0.1. Exploiting this vulnerability necessitates human interaction from a user other than the attacker. While primarily impacting Oracle Health Sciences InForm, successful exploitation could also affect other products, potentially leading to unauthorized updates, deletions, or access to sensitive data, as well as partial denial of service conditions. It is critical for organizations utilizing this software to apply the necessary patches to safeguard against potential threats.

Affected Version(s)

Health Sciences InForm * < 6.3.1.3

Health Sciences InForm * < 7.0.0.1

References

https://www.oracle.com/security-alerts/cpuapr2023.html

vendor-advisory

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 18, 2023
Vulnerability Reserved
Dec 17, 2022