Summaryinfo

A vulnerability labeled as critical has been found in Oracle Communications Service Catalog and Design 7.4.0.7.0/7.4.1.5.0/7.4.2.8.0. Affected by this issue is some unknown functionality of the component Order/Service Management. Such manipulation leads to information disclosure. This vulnerability is listed as CVE-2021-37533. The attack may be performed from remote. There is no available exploit.

Detailsinfo

A vulnerability was found in Oracle Communications Service Catalog and Design 7.4.0.7.0/7.4.1.5.0/7.4.2.8.0 (Cloud Software) and classified as critical. Affected by this issue is an unknown part of the component Order/Service Management. The manipulation with an unknown input leads to a information disclosure vulnerability. Using CWE to declare the problem leads to CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Impacted is confidentiality.

The weakness was presented 01/16/2024 as Oracle Critical Patch Update Advisory - January 2024. The advisory is shared for download at oracle.com. This vulnerability is handled as CVE-2021-37533. Successful exploitation requires user interaction by the victim. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1592.

A possible mitigation has been published immediately after the disclosure of the vulnerability.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Type

• Cloud Software

Vendor

• Oracle

Name

• Communications Service Catalog and Design

Version

• 7.4.0.7.0
• 7.4.1.5.0
• 7.4.2.8.0

License

• commercial

Website

• Vendor: https://www.oracle.com

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion