CVE-2022-39405
MEDIUMOracle Access Manager 12.2.1.3.0 - Unauthenticated Improper Access Control
Title source: llmDescription
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Access Manager accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
References (1)
Core 1
Core References
Patch, Vendor Advisory
https://www.oracle.com/security-alerts/cpuoct2022.html
Scores
CVSS v3
5.3
EPSS
0.0122
EPSS Percentile
79.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-284
Status
published
Products (1)
oracle/access_manager
12.2.1.3.0
Published
Oct 18, 2022
Tracked Since
Feb 18, 2026