First published: Wed Jan 19 2022
Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Policy Framework). Supported versions that are affected are 13.4.0.0 and 13.5.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data. CVSS 3.1 Base Score 8.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
Credit: secalert_us@oracle.com
Affected Software | Affected Version | How to fix |
---|---|---|
Oracle Enterprise Manager Base Platform | =13.4.0.0 | |
Oracle Enterprise Manager Base Platform | =13.5.0.0 | |
CVE-2022-21392 is a vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager, specifically in the Policy Framework component.
The affected versions of Oracle Enterprise Manager are 13.4.0.0 and 13.5.0.0.
CVE-2022-21392 can be easily exploited by a low privileged attacker with network access via HTTP to compromise the Enterprise Manager Base Platform.
CVE-2022-21392 has a severity rating of 8.8 (high).
To fix CVE-2022-21392, Oracle has released security patches. Please refer to Oracle's security advisory for more information.