CVE-2023-22088

Summary

CVE-2023-22088 is a newly disclosed vulnerability affecting Oracle Communications Order and Service Management, specifically the User Management component in versions 7.4.0 and 7.4.1. This issue permits a low-privileged attacker with network access to exploit it via HTTP. Successful attacks lead to unauthorized read access to a restricted subset of data within the Oracle Communications Order and Service Management system. The Base Score of this vulnerability, according to the Common Vulnerability Scoring System (CVSS), is 4.3, with a focus on confidentiality impacts.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.