CVE-2023-21824

MEDIUM

Oracle Communications BRM - Elastic Charging Engine <12.0.0.7.0 - P...

Title source: llm

Description

Vulnerability in the Oracle Communications BRM - Elastic Charging Engine product of Oracle Communications Applications (component: Customer, Config, Pricing Manager). Supported versions that are affected are 12.0.0.3.0-12.0.0.7.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Communications BRM - Elastic Charging Engine executes to compromise Oracle Communications BRM - Elastic Charging Engine. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications BRM - Elastic Charging Engine accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).

References (1)

Core References
Patch, Vendor Advisory
https://www.oracle.com/security-alerts/cpujan2023.html

Scores

CVSS v3 4.4
EPSS 0.0007
EPSS Percentile 22.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

Status published
Products (3)
oracle/communications_billing_and_revenue_management_elastic_charging_engine 12.0.0.3.0 - 12.0.0.7.0
oracle/communications_cloud_native_core_binding_support_function 22.3.0
oracle/communications_cloud_native_core_policy 22.3.0
Published Jan 18, 2023
Tracked Since Feb 18, 2026