CVE-2022-21395 | Vulnerability Database | Aqua Security

Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). Supported versions that are affected are 3.4, 4.2, 4.3, 4.4 and 5.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Operations Monitor. Successful attacks of this vulnerability can result in takeover of Oracle Communications Operations Monitor. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

Affected Software

Name	Vendor	Start Version	End Version
Communications_operations_monitor	Oracle	3.4 (including)	3.4 (including)
Communications_operations_monitor	Oracle	4.2 (including)	4.2 (including)
Communications_operations_monitor	Oracle	4.3 (including)	4.3 (including)
Communications_operations_monitor	Oracle	4.4 (including)	4.4 (including)
Communications_operations_monitor	Oracle	5.0 (including)	5.0 (including)

References

https://www.oracle.com/security-alerts/cpujan2022.html

NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-21395
CWE	https://cwe.mitre.org/data/definitions/.html