
Rewterz Threat Advisory – Multiple Oracle Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2023-22109 CVSS:5.4

An unspecified vulnerability in Oracle Business Intelligence Enterprise Edition related to the Analytics Web Dashboards component could allow a remote authenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact.

CVE-2023-22082 CVSS:5.4

An unspecified vulnerability in Oracle Business Intelligence Enterprise Edition related to the Pod Admin component could allow a remote authenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact.

CVE-2023-22107 CVSS:6.1

An unspecified vulnerability in Oracle Enterprise Command Center Framework related to the UI Components component could allow a remote attacker to cause low confidentiality impact, low integrity impact, and no availability impact.

CVE-2023-22106 CVSS:6.5

An unspecified vulnerability in Oracle Enterprise Command Center Framework related to the UI Components component could allow a remote authenticated attacker to cause low confidentiality impact, no integrity impact, and no availability impact.

CVE-2023-22093 CVSS:6.5

An unspecified vulnerability in Oracle iRecruitment related to the Requisition and Vacancy component could allow a remote attacker to cause low confidentiality impact, low integrity impact, and no availability impact.

CVE-2023-22076 CVSS:6.1

An unspecified vulnerability in Oracle Applications Framework related to the Personalization component could allow a remote attacker to cause low confidentiality impact, low integrity impact, and no availability impact.

CVE-2023-22090 CVSS:6.5

An unspecified vulnerability in Oracle PeopleSoft Enterprise CC Common Application Objects related to the Events & Notifications component could allow a remote authenticated attacker to cause high confidentiality impact, no integrity impact, and no availability impact.

CVE-2023-22080 CVSS:6.1

An unspecified vulnerability in Oracle PeopleSoft Enterprise PeopleTools related to the PIA Core Technology component could allow a remote attacker to cause low confidentiality impact, low integrity impact, and no availability impact.

CVE-2023-22087 CVSS:8.8

An unspecified vulnerability in Oracle Hospitality OPERA 5 Property Services related to the Opera component could allow a remote authenticated attacker to cause high confidentiality impact, high integrity impact, and high availability impact.

CVE-2023-22085 CVSS:8.8

An unspecified vulnerability in Oracle Hospitality OPERA 5 Property Services related to the Opera component could allow a remote authenticated attacker to cause high confidentiality impact, high integrity impact, and high availability impact.

CVE-2023-22019 CVSS:7.5

An unspecified vulnerability in Oracle HTTP Server related to the Web Listener component could allow a remote attacker to cause high confidentiality impact, no integrity impact, and no availability impact.

CVE-2023-22088 CVSS:4.3

An unspecified vulnerability in Oracle Communications Order and Service Management product of Oracle Communications Applications related to the User Management component could allow a remote authenticated attacker to cause low confidentiality impact, no integrity impact, and no availability impact.

CVE-2023-22083 CVSS:4.3

An unspecified vulnerability in Oracle Enterprise Communications Broker related to the Web UI component could allow a remote attacker to cause low confidentiality impact, no integrity impact, and no availability impact.

CVE-2023-22105 CVSS:5.4

An unspecified vulnerability in BI Publisher related to the Web Server component could allow a remote attacker to cause low confidentiality impact, low integrity impact, and no availability impact.

Impact

  • Denial of Service
  • Gain Access
  • Information Theft

Indicators Of Compromise

CVE

  • CVE-2023-22109
  • CVE-2023-22082
  • CVE-2023-22107
  • CVE-2023-22106
  • CVE-2023-22093
  • CVE-2023-22076
  • CVE-2023-22090
  • CVE-2023-22080
  • CVE-2023-22087
  • CVE-2023-22085
  • CVE-2023-22019
  • CVE-2023-22088
  • CVE-2023-22083
  • CVE-2023-22015

Affected Vendors

Oracle

Affected Products

  • Oracle Business Intelligence Enterprise Edition 6.4.0.0.0
  • Oracle Business Intelligence Enterprise Edition 7.0.0.0.0
  • Oracle Enterprise Command Center Framework 9.0
  • Oracle Enterprise Command Center Framework 8.0
  • Oracle Enterprise Command Center Framework 10.0
  • Oracle iRecruitment 12.2.3
  • Oracle iRecruitment 12.2.12
  • Oracle Applications Framework 12.2.3
  • Oracle Applications Framework 12.2.12
  • Oracle PeopleSoft Enterprise CC Common Application Objects 9.2
  • Oracle Hospitality OPERA 5 Property Services 5.6
  • Oracle HTTP Server 12.2.1.4.0
  • Oracle Communications Order and Service Management 7.4.1
  • Oracle Communications Order and Service Management 7.4.0
  • Oracle Enterprise Communications Broker 3.3
  • Oracle Enterprise Communications Broker 4.0
  • Oracle Enterprise Communications Broker 4.1
  • Oracle PeopleSoft Enterprise PeopleTools 8.59
  • Oracle PeopleSoft Enterprise PeopleTools 8.60
  • Oracle BI Publisher 6.4.0.0.0

Remediation

Refer to the Oracle Critical Patch Update Advisory for patch, upgrade, or suggested workaround information.

Oracle Critical Patch Update Advisory