Oracle Enterprise Session Border Controller 9.x Web UI Unauthorized Access
CVE-2023-22083 Published on October 17, 2023
Vulnerability in the Oracle Enterprise Session Border Controller product of Oracle Communications (component: Web UI). Supported versions that are affected are 9.0-9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Enterprise Session Border Controller. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Enterprise Session Border Controller accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).
Vulnerability Analysis
CVE-2023-22083 can be exploited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Products Associated with CVE-2023-22083
Want to know whenever a new CVE is published for Oracle Enterprise Session Border Controller? stack.watch will email you.
Affected Versions
Oracle Corporation Enterprise Communications Broker:- Version 3.3 is affected.
- Version 4.0 is affected.
- Version 4.1 is affected.
- Version 9.0, <= 9.2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.