CVE-2023-21824

Name of the Vulnerable Software and Affected Versions Oracle Communications BRM - Elastic Charging Engine versions 12.0.0.3.0 through 12.0.0.7.0

Description The issue exists due to insufficient input validation in the Customer, Config, Pricing Manager component of Oracle Communications BRM - Elastic Charging Engine. This allows an attacker to disclose protected information. Successful attacks can result in unauthorized access to critical data or complete access to all accessible data.

Recommendations For versions 12.0.0.3.0 through 12.0.0.7.0, update to a version that includes the necessary security patches to address the insufficient input validation issue. As a temporary workaround, consider restricting access to the Customer, Config, Pricing Manager component to minimize the risk of exploitation.