Rewterz

July 20, 2023

Rewterz Threat Advisory – Multiple Oracle Application Express Vulnerabilities

Severity

High

Analysis Summary

CVE-2023-21975 CVSS:9

A vulnerability in Oracle Application Express related to the User Account component in the Application Express Customers Plugin could allow a remote authenticated attacker to cause high confidentiality, high integrity and high availability impacts.

CVE-2023-21974 CVSS:9

A vulnerability in Oracle Application Express related to the User Account component in the Application Express Team Calendar Plugin could allow a remote authenticated attacker to cause high confidentiality, high integrity and high availability impacts.

Impact

  • Unauthorized Access

Indicators Of Compromise

CVE

  • CVE-2023-21975
  • CVE-2023-21974

Affected Vendors

Oracle

Affected Products

  • Oracle Application Express Customers Plugin 18.2
  • Oracle Application Express Customers Plugin 22.2
  • Oracle Application Express Team Calendar Plugin 22.1

Remediation

Refer to the Oracle Critical Patch Update Advisory for patch, upgrade or suggested workaround information.

Oracle Critical Patch Update Advisory
