CVE-2023-21859

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Access Manager executes to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Access Manager accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).

Published: Jan 18, 2023
Updated: Apr 14, 2023
CVE: CVE-2023-21859
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.4
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
oracle / access_manager	12.2.1.4.0	12.2.1.4.0.x

https://www.oracle.com/security-alerts/cpujan2023.html

Vulnerability Database

289,599

CVE-2023-21859