Summaryinfo

A vulnerability marked as very critical has been reported in Oracle Communications Cloud Native Core Network Data Analytics Function 23.3.0/23.4.0. Impacted is an unknown function of the component Automated Test Suite. The manipulation leads to an unknown weakness. This vulnerability is listed as CVE-2023-44981. The attack may be initiated remotely. There is no available exploit.

Detailsinfo

A vulnerability, which was classified as very critical, has been found in Oracle Communications Cloud Native Core Network Data Analytics Function 23.3.0/23.4.0 (Cloud Software). This issue affects an unknown code of the component Automated Test Suite. Using CWE to declare the problem leads to CWE-639. The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. Impacted is confidentiality, and integrity.

The weakness was presented 01/16/2024 as Oracle Critical Patch Update Advisory - January 2024. It is possible to read the advisory at oracle.com. The identification of this vulnerability is CVE-2023-44981. The technical details are unknown and an exploit is not publicly available. The pricing for an exploit might be around USD $5k-$25k at the moment (estimation calculated on 02/14/2025).

We expect the 0-day to have been worth approximately $25k-$100k.

A possible mitigation has been published immediately after the disclosure of the vulnerability.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Productinfo

Type

• Cloud Software

Vendor

• Oracle

Name

• Communications Cloud Native Core Network Data Analytics Function

Version

• 23.3.0
• 23.4.0

License

• commercial

Website

• Vendor: https://www.oracle.com

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion