Communications Convergence
CVE-2023-21848
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from Vendor (oracle) · only source for this CVE.
CVSS VectorVendor: oracle
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Vulnerability in the Oracle Communications Convergence product of Oracle Communications Applications (component: Admin Configuration). The supported version that is affected is 3.0.3.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Convergence. Successful attacks of this vulnerability can result in takeover of Oracle Communications Convergence. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
AnalysisAI
Vulnerability in the Oracle Communications Convergence product of Oracle Communications Applications (component: Admin Configuration). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.
Technical ContextAI
This vulnerability is classified as Improper Privilege Management (CWE-269), which allows attackers to escalate privileges to gain unauthorized elevated access. Vulnerability in the Oracle Communications Convergence product of Oracle Communications Applications (component: Admin Configuration). The supported version that is affected is 3.0.3.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Convergence. Successful attacks of this vulnerability can result in takeover of Oracle Communications Convergence. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Affected products include: Oracle Communications Convergence.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply principle of least privilege, validate privilege transitions, implement proper role separation.
More in Communications Convergence
View allAn issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. Rated high severity (CVSS 8.1), this vulne
A vulnerability was found in Hibernate-Validator. Rated medium severity (CVSS 6.1), this vulnerability is remotely explo
Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contain
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "/
The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resulta
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for a
Vulnerability in the Oracle Communications Convergence component of Oracle Communications Applications (subcomponent: Ma
Vulnerability in the Oracle Communications Messaging Server component of Oracle Communications Applications (subcomponen
Same weakness CWE-269 – Improper Privilege Management
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today