Exploitation Risk in Oracle Fusion Middleware - Outside In Technology
CVE-2023-22127

6.3MEDIUM

Key Information:

Vendor: Oracle
Status: Outside In Technology
Vendor: CVE Published:; 17 October 2023

Summary

The vulnerability affects the Oracle Outside In Technology component of Oracle Fusion Middleware, specifically in the Content Access SDK, Image Export SDK, PDF Export SDK, and HTML Export SDK. A low-privileged attacker with network access via HTTP can exploit this easily exploitable vulnerability. Successful exploitation can lead to unauthorized data modifications including updates, inserts, or deletions, as well as unauthorized read access to certain data subsets. Additionally, attackers can potentially cause a partial denial of service, impacting the availability of the Oracle Outside In Technology components.

Affected Version(s)

Outside In Technology 8.5.6

References

https://www.oracle.com/security-alerts/cpuoct2023.html

vendor-advisory

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 17, 2023
Vulnerability Reserved
Dec 17, 2022