CVE-2022-21275 Vulnerable versions are 12.0.0.3 and 12.0.0.4 of the Oracle Communications Billing and Revenue Management product.

CVE-2017-1178 Exploitation of this vulnerability requires that the user be logged in to Oracle Communications Billing and Revenue Management. However, user login is not required in order to exploit this vulnerability. A low-skill user or an application with an insecure communication channel can exploit this vulnerability.

CVE-2017-1179 Exploitation of this vulnerability requires that the user be logged in to Oracle Communications Billing and Revenue Management. However, user login is not required in order to exploit this vulnerability. A low-skill user or an application with an insecure communication channel can exploit this vulnerability.

CVE-2017-1180 Exploitation of this vulnerability requires that the user be logged in to Oracle Communications Billing and Revenue Management. However, user login is not required in order to exploit this vulnerability. A low-skill user or an application with an insecure communication channel can exploit this vulnerability.

CVE-2017-1181 Exploitation of this vulnerability requires that the user be logged in to Oracle Communications Billing and Revenue Management. However, user login is not required in order to exploit this vulnerability. A low-skill user or an application with an insecure communication channel can exploit this vulnerability.

CVE-2017-1182 Exploitation of this vulnerability requires that the user be logged in to Oracle Communications Billing and Revenue Management

Potential Impact of CVSS Severity

CVSS scores are based on a scale from 0 to 10, with higher scores generally equating to a more severe risk.
A CVSS score of 3.0 indicates that the vulnerability could be exploited remotely without authentication and potentially result in information disclosure, remote code execution, or denial-of-service conditions.
A CVSS score of 4.0 indicates that the vulnerability could be exploited remotely without authentication and potentially result in information disclosure, remote code execution, or denial-of-service conditions.


This article talks about the bugs that Oracle released in their billing and revenue management software.

Potential Impact of an exploitable vulnerability

The vulnerabilities that exist in Oracle Communications Billing and Revenue Management allow an unauthenticated, remote attacker to view the entire contents of a mailbox. This can be utilized to gain access to sensitive information such as credit card numbers and social security numbers.

This vulnerability could be exploited by an unauthorized user to perform some form of malicious activity on behalf of the vulnerable application or by an authorized user if they knew how to do it. The vulnerability was also found in software other than Oracle Communications Billing and Revenue Management, so it is not limited to that one application.
