CVE-2023-21894

Name of the Vulnerable Software and Affected Versions Oracle Global Lifecycle Management NextGen OUI Framework versions prior to 13.9.4.2.11

Description The issue is related to insufficient input validation in the NextGen Installer issues component of Oracle Global Lifecycle Management NextGen OUI Framework, allowing a low-privileged attacker with logon to the infrastructure to compromise the system. Successful attacks require human interaction from a person other than the attacker and can result in the takeover of Oracle Global Lifecycle Management NextGen OUI Framework.

Recommendations For versions prior to 13.9.4.2.11, update to version 13.9.4.2.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the NextGen Installer issues component to minimize the risk of exploitation. Additionally, ensure that all users with logon access to the infrastructure are trusted and monitored, as successful attacks require human interaction from a person other than the attacker.