PT-2022-2432 · Oracle · Oracle Communications Billing/Revenue Management

Published

2022-04-19

Updated

2022-04-27

CVE-2022-21424

CVSS v2.0

8.7

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:P

Name of the Vulnerable Software and Affected Versions Oracle Communications Billing and Revenue Management version 12.0.0.4

Description The issue exists due to insufficient input validation in the Connection Manager component. This allows a remote attacker to potentially execute arbitrary code or cause a denial of service. Successful attacks can result in unauthorized access to critical data, including creation, deletion, or modification of data, as well as partial denial of service.

Recommendations For version 12.0.0.4, update to a version that includes the fix for this issue to prevent exploitation. As a temporary workaround, consider restricting network access via TCP to the Connection Manager component to minimize the risk of exploitation.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2022-02834

CVE-2022-21424

Affected Products

Oracle Communications Billing/Revenue Management

PT-2022-2432 · Oracle · Oracle Communications Billing/Revenue Management

CVE-2022-21424

Weakness Enumeration

Related Identifiers

Affected Products

References · 4