First published: Tue Oct 18 2022(Updated: )
Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: Dashboard). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Data Quality. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Data Quality, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Data Quality accessible data. CVSS 3.1 Base Score 7.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N).
Credit: secalert_us@oracle.com
Affected Software | Affected Version | How to fix |
---|---|---|
Oracle Enterprise Data Quality | =12.2.1.3.0 | |
Oracle Enterprise Data Quality | =12.2.1.4.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-21615 is a vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware, specifically in the Dashboard component.
The affected versions of Oracle Enterprise Data Quality are 12.2.1.3.0 and 12.2.1.4.0.
CVE-2022-21615 has a severity rating of 7.4 (high).
An unauthenticated attacker with network access via HTTP can easily exploit CVE-2022-21615.
More information about CVE-2022-21615 can be found in the Oracle Security Alerts.