CVE-2022-21246

Name of the Vulnerable Software and Affected Versions Oracle Communications Operations Monitor versions 3.4, 4.2, 4.3, 4.4, 5.0

Description The issue exists due to insufficient input validation in the Mediation Engine component of Oracle Communications Operations Monitor. This allows a remote attacker to gain read access to data or modify data using specially crafted HTTP requests. Successful attacks may significantly impact additional products and can result in unauthorized update, insert, or delete access to some data, as well as unauthorized read access to a subset of data.

Recommendations For versions 3.4, 4.2, 4.3, 4.4, 5.0, consider restricting access to the Mediation Engine component until a patch is available. As a temporary workaround, avoid using specially crafted HTTP requests to the affected component. Restrict network access via HTTP to minimize the risk of exploitation.