Summaryinfo

A vulnerability identified as very critical has been detected in Oracle Communications Policy Management 12.6.1.0.0/15.0.0.0.0. This vulnerability affects unknown code of the component CMP. Performing a manipulation results in an unknown weakness. This vulnerability is identified as CVE-2023-50164. The attack can be initiated remotely. There is not any exploit available.

Detailsinfo

A vulnerability classified as very critical has been found in Oracle Communications Policy Management 12.6.1.0.0/15.0.0.0.0 (Cloud Software). This affects some unknown functionality of the component CMP. CWE is classifying the issue as CWE-552. The product makes files or directories accessible to unauthorized actors, even though they should not be. This is going to have an impact on confidentiality, integrity, and availability.

The weakness was released 01/16/2024 as Oracle Critical Patch Update Advisory - January 2024. The advisory is shared at oracle.com. This vulnerability is uniquely identified as CVE-2023-50164. Neither technical details nor an exploit are publicly available. The price for an exploit might be around USD $5k-$25k at the moment (estimation calculated on 02/14/2025). MITRE ATT&CK project uses the attack technique T1083 for this issue.

We expect the 0-day to have been worth approximately $25k-$100k.

A possible mitigation has been published immediately after the disclosure of the vulnerability.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Type

• Cloud Software

Vendor

• Oracle

Name

• Communications Policy Management

Version

• 12.6.1.0.0
• 15.0.0.0.0

License

• commercial

Website

• Vendor: https://www.oracle.com

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion