Vulnerability in the Oracle Global Lifecycle Management NextGen OUI Framework product of Oracle Fusion Middleware (component: NextGen Installer issues). Supported versions that are affected are Prior to 13.9.4.2.11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Global Lifecycle Management NextGen OUI Framework executes to compromise Oracle Global Lifecycle Management NextGen OUI Framework. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Global Lifecycle Management NextGen OUI Framework. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.oracle.com/security-alerts/cpujan2023.html |
History
Tue, 17 Sep 2024 20:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 17 Sep 2024 03:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-284 |
MITRE
Status: PUBLISHED
Assigner: oracle
Published: 2023-01-17T23:35:26.956Z
Updated: 2024-09-16T19:35:57.319Z
Reserved: 2022-12-17T19:26:00.710Z
Link: CVE-2023-21894
Vulnrichment
Updated: 2024-08-02T09:51:51.432Z
NVD
Status : Modified
Published: 2023-01-18T00:15:17.127
Modified: 2024-09-17T02:35:14.440
Link: CVE-2023-21894
Redhat
No data.