User Management Vulnerability in Oracle Communications Applications
CVE-2023-22088

4.3MEDIUM

Key Information:

Vendor: Oracle
Status: Communications Order And Service Management
Vendor: CVE Published:; 17 October 2023

Summary

A vulnerability has been identified in Oracle Communications Order and Service Management, specifically within the User Management component. This issue may be exploited by a low privileged attacker with network access via HTTP, potentially allowing unauthorized read access to certain data within the system. Supported versions impacted by this vulnerability include 7.4.0 and 7.4.1. Organizations utilizing these versions should take proactive measures to mitigate the associated risks.

Affected Version(s)

Communications Order and Service Management 7.4.0

Communications Order and Service Management 7.4.1

References

https://www.oracle.com/security-alerts/cpuoct2023.html

vendor-advisory

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 17, 2023
Vulnerability Reserved
Dec 17, 2022