PT-2022-3930 · Oracle · Oracle Communications Billing/Revenue Management

Published

2022-07-19

Updated

2022-07-23

CVE-2022-21429

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Oracle Communications Billing and Revenue Management versions 12.0.0.4.0 through 12.0.0.6.0

Description The issue exists due to insufficient input validation in the Billing Care component. This allows a remote attacker to execute arbitrary code. The vulnerability can be exploited by an unauthenticated attacker with network access via HTTP, potentially leading to the takeover of Oracle Communications Billing and Revenue Management.

Recommendations For versions 12.0.0.4.0 through 12.0.0.6.0, update to a version that addresses the insufficient input validation issue in the Billing Care component to prevent potential exploitation.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2022-04759

CVE-2022-21429

Affected Products

Oracle Communications Billing/Revenue Management

PT-2022-3930 · Oracle · Oracle Communications Billing/Revenue Management

CVE-2022-21429

Weakness Enumeration

Related Identifiers

Affected Products

References · 4