PT-2021-6673 · Oracle · Oracle Enterprise Session Border Controller

Harold Siyu Zang +1 · Published 2021-11-15 · Updated 2022-01-25 · CVE-2022-21383

CVSS v3.1: 4.3 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

Oracle Enterprise Session Border Controller versions 8.4 through 9.0

Description

The issue is related to errors in resource release in the Log component of the Oracle Enterprise Session Border Controller. It allows a remote attacker to cause a partial denial of service using the HTTP protocol. The vulnerability can be easily exploited by a low-privileged attacker with network access via HTTP, resulting in unauthorized ability to cause a partial denial of service of the Oracle Enterprise Session Border Controller.

Recommendations

For versions 8.4 and 9.0, consider restricting access to the Log component until a patch is available. As a temporary workaround, consider disabling the Log component to minimize the risk of exploitation. Restrict network access via HTTP to reduce the risk of unauthorized attacks.

Fix

Weakness Enumeration

Improper Resource Release

Related Identifiers

BDU:2022-02012
CVE-2022-21383

Affected Products

Oracle Enterprise Session Border Controller