CVE-2022-21573

Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Billing Care). Supported versions that are affected are 12.0.0.4.0-12.0.0.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Billing and Revenue Management. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.oracle.com/security-alerts/cpujul2022.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*

History

26 Jul 2022, 17:09

Type	Values Removed	Values Added
First Time		Oracle Oracle communications Billing And Revenue Management
CPE		cpe:2.3:a:oracle:communications_billing_and_revenue_management::::::::
References	~~(MISC) https://www.oracle.com/security-alerts/cpujul2022.html -~~	(MISC) https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Vendor Advisory
CWE		NVD-CWE-noinfo

19 Jul 2022, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-07-19 22:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-21573

Mitre link : CVE-2022-21573

CVE.ORG link : CVE-2022-21573

JSON object : View

Products Affected

oracle

communications_billing_and_revenue_management

CWE

NVD-CWE-noinfo

{"id": "CVE-2022-21573", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "secalert_us@oracle.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2022-07-19T22:15:13.413", "references": [{"url": "https://www.oracle.com/security-alerts/cpujul2022.html", "tags": ["Patch", "Vendor Advisory"], "source": "secalert_us@oracle.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Billing Care). Supported versions that are affected are 12.0.0.4.0-12.0.0.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications Billing and Revenue Management. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."}, {"lang": "es", "value": "Una vulnerabilidad en el producto Oracle Communications Billing and Revenue Management de Oracle Communications Applications (componente: Billing Care). Las versiones compatibles que est\u00e1n afectadas son 12.0.0.4.0-12.0.0.6.0. Una vulnerabilidad explotable f\u00e1cilmente permite a un atacante poco privilegiado y con acceso a la red por medio de HTTP poner en peligro Oracle Communications Billing and Revenue Management. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la capacidad no autorizada para causar una suspensi\u00f3n o bloqueo repetible frecuentemente (DOS completa) de Oracle Communications Billing and Revenue Management. CVSS 3.1, Puntuaci\u00f3n Base 6.5 (impactos en la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."}], "lastModified": "2022-07-26T17:09:25.897", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DCE2010E-A144-4ED2-B73D-1CA3800A8F71", "versionEndIncluding": "12.0.0.6.0", "versionStartIncluding": "12.0.0.4.0"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}