CVE-2022-21395 - Vulnerability Details

Vendors	Products
Oracle	Communications Operations Monitor

Link	Providers
https://www.oracle.com/security-alerts/cpujan2022.html

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Communications Operations Monitor", "vendor": "Oracle Corporation", "versions": [{"status": "affected", "version": "3.4"}, {"status": "affected", "version": "4.2"}, {"status": "affected", "version": "4.3"}, {"status": "affected", "version": "4.4"}, {"status": "affected", "version": "5.0"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). Supported versions that are affected are 3.4, 4.2, 4.3, 4.4 and 5.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Operations Monitor.  Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor.", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-01-19T11:26:45", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2022-21395", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Communications Operations Monitor", "version": {"version_data": [{"version_affected": "=", "version_value": "3.4"}, {"version_affected": "=", "version_value": "4.2"}, {"version_affected": "=", "version_value": "4.3"}, {"version_affected": "=", "version_value": "4.4"}, {"version_affected": "=", "version_value": "5.0"}]}}]}, "vendor_name": "Oracle Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). Supported versions that are affected are 3.4, 4.2, 4.3, 4.4 and 5.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)."}]}, "impact": {"cvss": {"baseScore": "7.2", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Operations Monitor.  Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor."}]}]}, "references": {"reference_data": [{"name": "https://www.oracle.com/security-alerts/cpujan2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T02:38:55.969Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-24T17:38:05.122326Z", "id": "CVE-2022-21395", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-24T20:15:31.459Z"}}]}, "cveMetadata": {"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2022-21395", "datePublished": "2022-01-19T11:26:45", "dateReserved": "2021-11-15T00:00:00", "dateUpdated": "2024-09-24T20:15:31.459Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Communications Operations Monitor (string)

vendor : Oracle Corporation (string)

versions : [ »

0 : { »

status : affected (string)

version : 3.4 (string)

}

1 : { »

status : affected (string)

version : 4.2 (string)

}

2 : { »

status : affected (string)

version : 4.3 (string)

}

3 : { »

status : affected (string)

version : 4.4 (string)

}

4 : { »

status : affected (string)

version : 5.0 (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). Supported versions that are affected are 3.4, 4.2, 4.3, 4.4 and 5.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). (string)

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 7.2 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : HIGH (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor. (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2022-01-19T11:26:45 (string)

orgId : 43595867-4340-4103-b7a2-9a5208d29a85 (string)

shortName : oracle (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.oracle.com/security-alerts/cpujan2022.html (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : secalert_us@oracle.com (string)

ID : CVE-2022-21395 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Communications Operations Monitor (string)

version : { »

version_data : [ »

0 : { »

version_affected : = (string)

version_value : 3.4 (string)

}

1 : { »

version_affected : = (string)

version_value : 4.2 (string)

}

2 : { »

version_affected : = (string)

version_value : 4.3 (string)

}

3 : { »

version_affected : = (string)

version_value : 4.4 (string)

}

4 : { »

version_affected : = (string)

version_value : 5.0 (string)

}

]

}

]

}

vendor_name : Oracle Corporation (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). Supported versions that are affected are 3.4, 4.2, 4.3, 4.4 and 5.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). (string)

}

]

}

impact : { »

cvss : { »

baseScore : 7.2 (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor. (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://www.oracle.com/security-alerts/cpujan2022.html (string)

refsource : MISC (string)

url : https://www.oracle.com/security-alerts/cpujan2022.html (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T02:38:55.969Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.oracle.com/security-alerts/cpujan2022.html (string)

}

]

}

1 : { »

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2024-09-24T17:38:05.122326Z (string)

id : CVE-2022-21395 (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : total (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-09-24T20:15:31.459Z (string)

}

]

}

cveMetadata : { »

assignerOrgId : 43595867-4340-4103-b7a2-9a5208d29a85 (string)

assignerShortName : oracle (string)

cveId : CVE-2022-21395 (string)

datePublished : 2022-01-19T11:26:45 (string)

dateReserved : 2021-11-15T00:00:00 (string)

dateUpdated : 2024-09-24T20:15:31.459Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.oracle.com/security-alerts/cpujan2022.html", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T02:38:55.969Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-21395", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-24T17:38:05.122326Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-24T17:39:45.772Z"}}], "cna": {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Oracle Corporation", "product": "Communications Operations Monitor", "versions": [{"status": "affected", "version": "3.4"}, {"status": "affected", "version": "4.2"}, {"status": "affected", "version": "4.3"}, {"status": "affected", "version": "4.4"}, {"status": "affected", "version": "5.0"}]}], "references": [{"url": "https://www.oracle.com/security-alerts/cpujan2022.html", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). Supported versions that are affected are 3.4, 4.2, 4.3, 4.4 and 5.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Operations Monitor.  Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor."}]}], "providerMetadata": {"orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle", "dateUpdated": "2022-01-19T11:26:45"}, "x_legacyV4Record": {"impact": {"cvss": {"version": "3.1", "baseScore": "7.2", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "3.4", "version_affected": "="}, {"version_value": "4.2", "version_affected": "="}, {"version_value": "4.3", "version_affected": "="}, {"version_value": "4.4", "version_affected": "="}, {"version_value": "5.0", "version_affected": "="}]}, "product_name": "Communications Operations Monitor"}]}, "vendor_name": "Oracle Corporation"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://www.oracle.com/security-alerts/cpujan2022.html", "name": "https://www.oracle.com/security-alerts/cpujan2022.html", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). Supported versions that are affected are 3.4, 4.2, 4.3, 4.4 and 5.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Operations Monitor.  Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor."}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-21395", "STATE": "PUBLIC", "ASSIGNER": "secalert_us@oracle.com"}}}}, "cveMetadata": {"cveId": "CVE-2022-21395", "state": "PUBLISHED", "dateUpdated": "2024-09-24T20:15:31.459Z", "dateReserved": "2021-11-15T00:00:00", "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "datePublished": "2022-01-19T11:26:45", "assignerShortName": "oracle"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://www.oracle.com/security-alerts/cpujan2022.html (string)

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

}

]

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T02:38:55.969Z (string)

}

1 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2022-21395 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : total (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-09-24T17:38:05.122326Z (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-09-24T17:39:45.772Z (string)

}

]

cna : { »

metrics : [ »

0 : { »

cvssV3_1 : { »

scope : UNCHANGED (string)

version : 3.1 (string)

baseScore : 7.2 (number)

attackVector : NETWORK (string)

baseSeverity : HIGH (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (string)

integrityImpact : HIGH (string)

userInteraction : NONE (string)

attackComplexity : LOW (string)

availabilityImpact : HIGH (string)

privilegesRequired : HIGH (string)

confidentialityImpact : HIGH (string)

}

]

affected : [ »

0 : { »

vendor : Oracle Corporation (string)

product : Communications Operations Monitor (string)

versions : [ »

0 : { »

status : affected (string)

version : 3.4 (string)

}

1 : { »

status : affected (string)

version : 4.2 (string)

}

2 : { »

status : affected (string)

version : 4.3 (string)

}

3 : { »

status : affected (string)

version : 4.4 (string)

}

4 : { »

status : affected (string)

version : 5.0 (string)

}

]

}

]

references : [ »

0 : { »

url : https://www.oracle.com/security-alerts/cpujan2022.html (string)

tags : [ »

0 : x_refsource_MISC (string)

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). Supported versions that are affected are 3.4, 4.2, 4.3, 4.4 and 5.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : text (string)

description : Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor. (string)

}

]

}

]

providerMetadata : { »

orgId : 43595867-4340-4103-b7a2-9a5208d29a85 (string)

shortName : oracle (string)

dateUpdated : 2022-01-19T11:26:45 (string)

}

x_legacyV4Record : { »

impact : { »

cvss : { »

version : 3.1 (string)

baseScore : 7.2 (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

version : { »

version_data : [ »

0 : { »

version_value : 3.4 (string)

version_affected : = (string)

}

1 : { »

version_value : 4.2 (string)

version_affected : = (string)

}

2 : { »

version_value : 4.3 (string)

version_affected : = (string)

}

3 : { »

version_value : 4.4 (string)

version_affected : = (string)

}

4 : { »

version_value : 5.0 (string)

version_affected : = (string)

}

]

}

product_name : Communications Operations Monitor (string)

}

]

}

vendor_name : Oracle Corporation (string)

}

]

}

data_type : CVE (string)

references : { »

reference_data : [ »

0 : { »

url : https://www.oracle.com/security-alerts/cpujan2022.html (string)

name : https://www.oracle.com/security-alerts/cpujan2022.html (string)

refsource : MISC (string)

}

]

}

data_format : MITRE (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). Supported versions that are affected are 3.4, 4.2, 4.3, 4.4 and 5.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor. (string)

}

]

}

]

}

data_version : 4.0 (string)

CVE_data_meta : { »

ID : CVE-2022-21395 (string)

STATE : PUBLIC (string)

ASSIGNER : secalert_us@oracle.com (string)

}

cveMetadata : { »

cveId : CVE-2022-21395 (string)

state : PUBLISHED (string)

dateUpdated : 2024-09-24T20:15:31.459Z (string)

dateReserved : 2021-11-15T00:00:00 (string)

assignerOrgId : 43595867-4340-4103-b7a2-9a5208d29a85 (string)

datePublished : 2022-01-19T11:26:45 (string)

assignerShortName : oracle (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*", "matchCriteriaId": "D52F557F-D0A0-43D3-85F1-F10B6EBFAEDF", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "F545DFC9-F331-4E1D-BACB-3D26873E5858", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "CBE1A019-7BB6-4226-8AC4-9D6927ADAEFA", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*", "matchCriteriaId": "B98BAEB2-A540-4E8A-A946-C4331B913AFD", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "B8FBE260-E306-4215-80C0-D2D27CA43E0F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). Supported versions that are affected are 3.4, 4.2, 4.3, 4.4 and 5.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)."}, {"lang": "es", "value": "Una vulnerabilidad en el producto Oracle Communications Operations Monitor de Oracle Communications (componente: Mediation Engine). Las versiones compatibles que est\u00e1n afectadas son 3.4, 4.2, 4.3, 4.4 y 5.0. Una vulnerabilidad explotable f\u00e1cilmente, permite a un atacante muy privilegiado con acceso a la red por medio de HTTP comprometer a Oracle Communications Operations Monitor. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la toma de control de Oracle Communications Operations Monitor. CVSS 3.1, Puntuaci\u00f3n base 7.2 (impactos en la Confidencialidad, Integridad y Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)"}], "id": "CVE-2022-21395", "lastModified": "2024-11-21T06:44:36.370", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "secalert_us@oracle.com", "type": "Secondary"}]}, "published": "2022-01-19T12:15:17.060", "references": [{"source": "secalert_us@oracle.com", "tags": ["Vendor Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:* (string)

matchCriteriaId : D52F557F-D0A0-43D3-85F1-F10B6EBFAEDF (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:oracle:communications_operations_monitor:4.2:*:*:*:*:*:*:* (string)

matchCriteriaId : F545DFC9-F331-4E1D-BACB-3D26873E5858 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:* (string)

matchCriteriaId : CBE1A019-7BB6-4226-8AC4-9D6927ADAEFA (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:* (string)

matchCriteriaId : B98BAEB2-A540-4E8A-A946-C4331B913AFD (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:* (string)

matchCriteriaId : B8FBE260-E306-4215-80C0-D2D27CA43E0F (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). Supported versions that are affected are 3.4, 4.2, 4.3, 4.4 and 5.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). (string)

}

1 : { »

lang : es (string)

value : Una vulnerabilidad en el producto Oracle Communications Operations Monitor de Oracle Communications (componente: Mediation Engine). Las versiones compatibles que están afectadas son 3.4, 4.2, 4.3, 4.4 y 5.0. Una vulnerabilidad explotable fácilmente, permite a un atacante muy privilegiado con acceso a la red por medio de HTTP comprometer a Oracle Communications Operations Monitor. Los ataques con éxito de esta vulnerabilidad pueden resultar en la toma de control de Oracle Communications Operations Monitor. CVSS 3.1, Puntuación base 7.2 (impactos en la Confidencialidad, Integridad y Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) (string)

}

]

id : CVE-2022-21395 (string)

lastModified : 2024-11-21T06:44:36.370 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : PARTIAL (string)

baseScore : 6.5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:L/Au:S/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 8 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 7.2 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : HIGH (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 1.2 (number)

impactScore : 5.9 (number)

source : secalert_us@oracle.com (string)

type : Secondary (string)

}

]

}

published : 2022-01-19T12:15:17.060 (string)

references : [ »

0 : { »

source : secalert_us@oracle.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.oracle.com/security-alerts/cpujan2022.html (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.oracle.com/security-alerts/cpujan2022.html (string)

}

]

sourceIdentifier : secalert_us@oracle.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-noinfo (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object