PT-2023-6208 · Oracle · Oracle Enterprise Command Center Framework

Nils Putnins · Published 2023-10-17 · Updated 2023-10-23 · CVE-2023-22107

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Oracle Enterprise Command Center Framework versions 8 through 10

Description: The issue stems from insufficient input validation in the UI Components of the Oracle Enterprise Command Center Framework, which allows an unauthenticated attacker with network access via HTTP to compromise the framework. Successful attacks require human interaction from a person other than the attacker and may significantly impact additional products. Attacks can result in unauthorized update, insert, or delete access to some of the framework's accessible data, as well as unauthorized read access to a subset of the framework's accessible data.

Recommendations: For versions 8 through 10, consider restricting access to the UI Components until a patch is available. As a temporary workaround, limit the use of the HTTP protocol to minimize the risk of exploitation. Avoid using the framework's accessible data in a way that could lead to unauthorized access until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE


Weakness Enumeration

Related Identifiers

BDU:2023-06917
CVE-2023-22107

Affected Products

Oracle Enterprise Command Center Framework