CVE-2022-21431 Oracle Communications Billing and Revenue Management product is vulnerable to a vulnerability in versions 12.0.0.4 and 12.0.0.5.

CVE-2022-21431 Oracle Communications Billing and Revenue Management product is vulnerable to a vulnerability in versions 12.0.0.4 and 12.0.0.5.

Exploitation of vulnerabilities requires physical access to the device or remote access to the device with user privileges. Access via network devices may be difficult. ATTENTION: Access by remote or network attackers may be difficult.

Solution Install updates from vendor to resolve the issue.

Vendor information Oracle provides information about fixing this issue via the following link. You can access the information via the following link: https://docs.oracle.com/en/com/ibm/comm-manager/psd/jsp-14560.html CVE assignments CVE-2018-2793 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2801 CVE-2018-2802 CVE-2018-2803 CVE-2018-2804 CVE-2018-2805 CVE-2018-2806 CVE-2018-2807 CVE-2018-2808 CVE-2018-2809 CVE-2018-2810 CVE-2018-2811 CVE-2018-2812 CVE-2018-2813 CVE-2018-2814 CVE-2018-2815 CVE-2018-2816 CVE-2018-2817 CVE-2018-2818 CVE-2018-2819 CVE-2018-2820 CVE-2018-2821 CVE-2018-2822 CVE-2018-2823 CVE

Oracle Java SE CVE Numbering Scheme

Vulnerability Class: Critical CVSSv3: 9.9 CVSSv2: 7.5
CVE ID(s)   CVE-2018-2793  CVE-2018-2794  CVE-2018-2795  CVE-2018-2796  CVE-2018-2797  CVE-2018-2798  CVE-2018-2799  CVE-2018-2800
CVSSv3 Base Score: 9.9 (AV:N/AC:L/Au:S/C:C/I:C/A:C) CVSSv2 Base Score: 7.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)

Oracle JDK  1.8.0 b 91


Solution Install updates from vendor to resolve the issue.

Oracle Java VM must be patched to prevent further attacks .

Solution Install updates from vendor to resolve the issue.

Vulnerability description

The vulnerability may be exploited via a web browser or by a malicious application that accesses the device.

CVE-2018-2823: Exploitation of the vulnerability may allow an attacker to execute arbitrary code on the underlying operating system of the host machine.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe