Rewterz Threat Advisory – Multiple Oracle PeopleSoft Enterprise PeopleTools Vulnerabilities
January 23, 2023Rewterz Threat Advisory – Multiple Microsoft Windows Products Vulnerabilities
January 24, 2023Rewterz Threat Advisory – Multiple Oracle PeopleSoft Enterprise PeopleTools Vulnerabilities
January 23, 2023Rewterz Threat Advisory – Multiple Microsoft Windows Products Vulnerabilities
January 24, 2023Severity
High
Analysis Summary
CVE-2023-21861 CVSS:5.4
An unspecified vulnerability in Oracle Fusion Middleware related to the Visual Analyzer component could allow a remote authenticated attacker to bypass security restrictions resulting in a low confidentiality and integrity impact using unknown attack vectors.
CVE-2023-21862 CVSS:8.1
An unspecified vulnerability in Oracle Fusion Middleware related to the XML Security component could allow a remote attacker to bypass security restrictions resulting in a high confidentiality and integrity impact using unknown attack vectors.
CVE-2023-21894 CVSS:7.3
An unspecified vulnerability in Oracle Fusion Middleware related to the Oracle Global Lifecycle Management NextGen OUI Framework component could allow a local authenticated attacker to take control of the system.
CVE-2023-21842 CVSS:7.5
An unspecified vulnerability in Oracle Fusion Middleware related to the Web Container component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVE-2023-21846 CVSS:8.8
An unspecified vulnerability in Oracle Fusion Middleware related to the Admin Security component could allow a remote authenticated attacker to gain elevated privileges resulting in a high confidentiality, high integrity, and high availability impact using unknown attack vectors.
CVE-2023-21837 CVSS:7.5
An unspecified vulnerability in Oracle Fusion Middleware related to the Core component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVE-2023-21859 CVSS:4.4
An unspecified vulnerability in Oracle Fusion Middleware related to the Authentication Engine component could allow a local authenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVE-2023-21841 CVSS:7.5
An unspecified vulnerability in Oracle Fusion Middleware related to the Core component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVE-2023-21839 CVSS:7.5
An unspecified vulnerability in Oracle Fusion Middleware related to the Core component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVE-2023-21838 CVSS:7.5
An unspecified vulnerability in Oracle Fusion Middleware related to the Core component could allow a remote attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVE-2023-21832 CVSS:8.8
An unspecified vulnerability in Oracle Fusion Middleware related to the Admin Security component could allow a remote authenticated attacker to gain elevated privileges resulting in a high confidentiality, high integrity, and high availability impact using unknown attack vectors.
Impact
- Privilege Escalation
- Denial of Service
- Security Bypass
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2023-21861
- CVE-2023-21862
- CVE-2023-21894
- CVE-2023-21842
- CVE-2023-21846
- CVE-2023-21837
- CVE-2023-21859
- CVE-2023-21841
- CVE-2023-21839
- CVE-2023-21838
- CVE-2023-21832
Affected Vendors
Oracle
Affected Products
- Oracle Fusion Middleware 5.9.0.0.0
- Oracle Fusion Middleware 6.4.0.0.0
- Oracle Fusion Middleware 12.2.1.4.0
- Oracle Fusion Middleware 12.2.1.3.0
- Oracle Fusion Middleware 14.1.1.0.0
- Oracle Fusion Middleware 13.9.4.2.10
Remediation
Refer to Oracle Critical Patch Update Advisory for patch, upgrade or suggested workaround information.