CVE-2023-21926

EPSS 0.24%
Veröffentlicht 18.04.2023 20:15:13
Zuletzt bearbeitet 21.11.2024 07:43:55
Quelle secalert_us@oracle.com
Teams Watchlist Login
Unerledigt Login

Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications (component: Core).  Supported versions that are affected are Prior to 6.3.1.3 and  Prior to 7.0.0.1. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Health Sciences InForm executes to compromise Oracle Health Sciences InForm.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Health Sciences InForm accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Oracle ≫ Health Sciences Inform Version < 6.3.1.3

Oracle ≫ Health Sciences Inform Version7.0.0.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.24%	0.446

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
secalert_us@oracle.com	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

https://www.oracle.com/security-alerts/cpuapr2023.html

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-21926

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-21926

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-21926

EUVD