PT-2023-3969 · Oracle · Oracle Health Sciences Data Management Workbench

Published 2023-07-18 · Updated 2023-07-27 · CVE-2023-22022

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Oracle Health Sciences Data Management Workbench versions 3.1.0.2, 3.1.1.3, 3.2.0.0

Description

The issue is in the Blinding Functionality component of the Oracle Health Sciences Data Management Workbench product. It allows a low-privileged attacker with network access via HTTP to compromise the system, resulting in unauthorized access to critical data or complete access to all accessible data. The vulnerability is easily exploitable and can be triggered remotely.

Recommendations

For versions 3.1.0.2, 3.1.1.3, and 3.2.0.0, consider restricting access to the Blinding Functionality component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Weakness Enumeration

Related Identifiers

BDU:2023-04265
CVE-2023-22022

Affected Products

Oracle Health Sciences Data Management Workbench