Published on: Not Yet Published
Last Modified on: 03/24/2023 12:06:42 AM UTC
CVE-2023-21862Source: Mitre Source: NIST CVE.ORG Print: PDF
Certain versions of Web Services Manager from Oracle contain the following vulnerability:
Vulnerability in the Oracle Web Services Manager product of Oracle Fusion Middleware (component: XML Security component). The supported version that is affected is 220.127.116.11.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Services Manager. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Web Services Manager accessible data as well as unauthorized access to critical data or complete access to all Oracle Web Services Manager accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N).
- CVE-2023-21862 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.
- Affected Vendor/Software: Oracle Corporation - Web Services Manager version = 18.104.22.168.0
CVSS3 Score: 8.1 - HIGH
|Oracle Critical Patch Update Advisory - January 2023|| www.oracle.com |
Known Affected Configurations (CPE V2.3)
|Application||Oracle||Web Services Manager||22.214.171.124.0||All||All||All|
|@CVEreport||CVE-2023-21862 : Vulnerability in the Oracle Web Services Manager product of Oracle Fusion Middleware component: X… twitter.com/i/web/status/1…||2023-01-18 00:19:46|