CVE-2022-21612 Oracle Enterprise Data Quality is vulnerable to a dashboard vulnerability. Affected versions are 12.2.1.3.0 and 12.2.1.4.0.

Oracle Enterprise Data Quality is a data profiling and data quality management software. Vulnerability is due to insecure handling of authentication credentials. An attacker can leverage insecure handling of authentication credentials to gain access and exploit the software. Enterprise Data Quality is exposed to insecure handling of authentication credentials via HTTP protocol. Enterprise Data Quality is susceptible to man-in-the-middle (MiTM) attacks. An attacker can leverage insecure handling of authentication credentials to gain access and exploit the software. Enterprise Data Quality is exposed to insecure handling of authentication credentials via HTTP protocol. Enterprise Data Quality is susceptible to man-in-the-middle (MiTM) attacks. Enterprise Data Quality does not restrict access to the software via firewall or rate limiting mechanisms. Access to Enterprise Data Quality can be restricted via firewall or rate limiting mechanisms. Enterprise Data Quality does not restrict access to the software via firewall or rate limiting mechanisms. Enterprise Data Quality does not restrict access to the software via firewall or rate limiting mechanisms. Enterprise Data Quality does not restrict access to the software via firewall or rate limiting mechanisms. Enterprise Data Quality does not restrict access to the software via firewall or rate limiting mechanisms. Enterprise Data Quality does not restrict access to the software via firewall or rate limiting mechanisms

Summary

Vulnerability is due to insecure handling of authentication credentials. An attacker can leverage insecure handling of authentication credentials to gain access and exploit the software. Enterprise Data Quality is exposed to insecure handling of authentication credentials via HTTP protocol. Enterprise Data Quality is susceptible to man-in-the-middle (MiTM) attacks. An attacker can leverage insecure handling of authentication credentials to gain access and exploit the software. Enterprise Data Quality is exposed to insecure handling of authentication credentials via HTTP protocol. Enterprise Data Quality is susceptible to man-in-the-middle (MiTM) attacks. Enterprise Data Quality does not restrict access to the software via firewall or rate limiting mechanisms. Access to Enterprise Data Quality can be restricted via firewall or rate limiting mechanisms. Enterprise Data Quality does not restrict access to the software via firewall or rate limiting mechanisms.

References: CVE-2022-21612

http://www.oracle.com/technetwork/security-advisory/cpujul2018-3236628.html

Timeline

Published on: 10/18/2022 21:15:00 UTC
Last modified on: 10/18/2022 21:18:00 UTC

References

• https://www.oracle.com/security-alerts/cpuoct2022.html
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-21612