CVE-2022-21503

{"id": "CVE-2022-21503", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "secalert_us@oracle.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "published": "2022-06-17T21:15:08.887", "references": [{"url": "https://support.oracle.com", "tags": ["Permissions Required"], "source": "secalert_us@oracle.com"}, {"url": "https://support.oracle.com", "tags": ["Permissions Required"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle Cloud Infrastructure product of Oracle Cloud Services. Easily exploitable vulnerability allows high privileged attacker with network access to compromise Oracle Cloud Infrastructure. Successful attacks of this vulnerability can result in unauthorized access to Oracle Cloud Infrastructure accessible data. All affected customers were notified of CVE-2022-21503 by Oracle. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)"}, {"lang": "es", "value": "Una vulnerabilidad en el producto Oracle Cloud Infrastructure de Oracle Cloud Services. La vulnerabilidad f\u00e1cilmente explotable permite a un atacante con altos privilegios y acceso a la red comprometer Oracle Cloud Infrastructure. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en un acceso no autorizado a los datos accesibles de Oracle Cloud Infrastructure. Todos los clientes afectados fueron notificados de CVE-2022-21503 por Oracle. CVSS 3.1, Puntuaci\u00f3n Base 4.9 (impactos en la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)"}], "lastModified": "2024-11-21T06:44:50.790", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:cloud_infrastructure:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F25D066-4102-4D45-AA40-A9124AA5DF39"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}