Vulnerabilities > CVE-2022-21395 - Unspecified vulnerability in Oracle Communications Operations Monitor

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

oracle

NVD

Published: 2022-01-19

Updated: 2022-01-25

Summary

Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). Supported versions that are affected are 3.4, 4.2, 4.3, 4.4 and 5.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

Vulnerable Configurations

Part	Description	Count
Application	Oracle Oracle Communications Operations Monitor 3.4 Oracle Communications Operations Monitor 4.2 Oracle Communications Operations Monitor 4.3 Oracle Communications Operations Monitor 4.4 Oracle Communications Operations Monitor 5.0	5

References

https://www.oracle.com/security-alerts/cpujan2022.html