Rewterz Threat Advisory – Multiple Cisco Small Business SPA500 Series IP Phones Vulnerabilities
July 20, 2023Rewterz Threat Advisory – CVE-2023-22062 – Oracle Hyperion Financial Reporting Vulnerability
July 20, 2023Rewterz Threat Advisory – Multiple Cisco Small Business SPA500 Series IP Phones Vulnerabilities
July 20, 2023Rewterz Threat Advisory – CVE-2023-22062 – Oracle Hyperion Financial Reporting Vulnerability
July 20, 2023Severity
High
Analysis Summary
CVE-2023-21975 CVSS:9
A vulnerability in Oracle Application Express related to the User Account component in the Application Express Customers Plugin could allow a remote authenticated attacker to cause high confidentiality, high integrity and high availability impacts.
CVE-2023-21974 CVSS:9
A vulnerability in Oracle Application Express related to the User Account component in the Application Express Team Calendar Plugin could allow a remote authenticated attacker to cause high confidentiality, high integrity and high availability impacts.
Impact
- Unauthorized Access
Indicators Of Compromise
CVE
- CVE-2023-21975
- CVE-2023-21974
Affected Vendors
Oracle
Affected Products
- Oracle Application Express Customers Plugin 18.2
- Oracle Application Express Customers Plugin 22.2
- Oracle Application Express Team Calendar Plugin 22.1
Remediation
Refer to Oracle Critical Patch Update Advisory for patch, upgrade or suggested workaround information.