Summaryinfo

A vulnerability classified as critical was found in Oracle Communications Cloud Native Core Network Repository Function 23.3.1. The affected element is an unknown function of the component Install/Upgrade. Such manipulation leads to information disclosure. This vulnerability is listed as CVE-2023-33201. The attack may be performed from remote. There is no available exploit.

Detailsinfo

A vulnerability, which was classified as critical, has been found in Oracle Communications Cloud Native Core Network Repository Function 23.3.1 (Cloud Software). Affected by this issue is an unknown function of the component Install/Upgrade. The manipulation with an unknown input leads to a information disclosure vulnerability. Using CWE to declare the problem leads to CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Impacted is confidentiality.

The weakness was presented 01/16/2024 as Oracle Critical Patch Update Advisory - January 2024. The advisory is shared for download at oracle.com. This vulnerability is handled as CVE-2023-33201. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1592.

A possible mitigation has been published immediately after the disclosure of the vulnerability.

The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2023-2081). If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Type

• Cloud Software

Vendor

• Oracle

Name

• Communications Cloud Native Core Network Repository Function

Version

• 23.3.1

License

• commercial

Website

• Vendor: https://www.oracle.com

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion