Rewterz Threat Advisory – Multiple Oracle WebLogic SERVER Vulnerabilities
October 20, 2023
Severity
Medium
Analysis Summary
CVE-2023-22109 CVSS:5.4
An unspecified vulnerability in Oracle Business Intelligence Enterprise Edition related to the Analytics Web Dashboards component could allow a remote authenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact.
CVE-2023-22082 CVSS:5.4
An unspecified vulnerability in Oracle Business Intelligence Enterprise Edition related to the Pod Admin component could allow a remote authenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact.
CVE-2023-22107 CVSS:6.1
An unspecified vulnerability in Oracle Enterprise Command Center Framework related to the UI Components component could allow a remote attacker to cause low confidentiality impact, low integrity impact, and no availability impact.
CVE-2023-22106 CVSS:6.5
An unspecified vulnerability in Oracle Enterprise Command Center Framework related to the UI Components component could allow a remote authenticated attacker to cause low confidentiality impact, no integrity impact, and no availability impact.
CVE-2023-22093 CVSS:6.5
An unspecified vulnerability in Oracle iRecruitment related to the Requisition and Vacancy component could allow a remote attacker to cause low confidentiality impact, low integrity impact, and no availability impact.
CVE-2023-22076 CVSS:6.1
An unspecified vulnerability in Oracle Applications Framework related to the Personalization component could allow a remote attacker to cause low confidentiality impact, low integrity impact, and no availability impact.
CVE-2023-22090 CVSS:6.5
An unspecified vulnerability in Oracle PeopleSoft Enterprise CC Common Application Objects related to the Events & Notifications component could allow a remote authenticated attacker to cause high confidentiality impact, no integrity impact, and no availability impact.
CVE-2023-22080 CVSS:6.1
An unspecified vulnerability in Oracle PeopleSoft Enterprise PeopleTools related to the PIA Core Technology component could allow a remote attacker to cause low confidentiality impact, low integrity impact, and no availability impact.
CVE-2023-22087 CVSS:8.8
An unspecified vulnerability in Oracle Hospitality OPERA 5 Property Services related to the Opera component could allow a remote authenticated attacker to cause high confidentiality impact, high integrity impact, and high availability impact.
CVE-2023-22085 CVSS:8.8
An unspecified vulnerability in Oracle Hospitality OPERA 5 Property Services related to the Opera component could allow a remote authenticated attacker to cause high confidentiality impact, high integrity impact, and high availability impact.
CVE-2023-22019 CVSS:7.5
An unspecified vulnerability in Oracle HTTP Server related to the Web Listener component could allow a remote attacker to cause high confidentiality impact, no integrity impact, and no availability impact.
CVE-2023-22088 CVSS:4.3
An unspecified vulnerability in Oracle Communications Order and Service Management product of Oracle Communications Applications related to the User Management component could allow a remote authenticated attacker to cause low confidentiality impact, no integrity impact, and no availability impact.
CVE-2023-22083 CVSS:4.3
An unspecified vulnerability in Oracle Enterprise Communications Broker related to the Web UI component could allow a remote attacker to cause low confidentiality impact, no integrity impact, and no availability impact.
CVE-2023-22105 CVSS:5.4
An unspecified vulnerability in BI Publisher related to the Web Server component could allow a remote attacker to cause low confidentiality impact, low integrity impact, and no availability impact.
Impact
- Denial of Service
- Gain Access
- Information Theft
Indicators Of Compromise
CVE
- CVE-2023-22109
- CVE-2023-22082
- CVE-2023-22107
- CVE-2023-22106
- CVE-2023-22093
- CVE-2023-22076
- CVE-2023-22090
- CVE-2023-22080
- CVE-2023-22087
- CVE-2023-22085
- CVE-2023-22019
- CVE-2023-22088
- CVE-2023-22083
- CVE-2023-22015
Affected Vendors
Oracle
Affected Products
- Oracle Business Intelligence Enterprise Edition 6.4.0.0.0
- Oracle Business Intelligence Enterprise Edition 7.0.0.0.0
- Oracle Enterprise Command Center Framework 9.0
- Oracle Enterprise Command Center Framework 8.0
- Oracle Enterprise Command Center Framework 10.0
- Oracle iRecruitment 12.2.3
- Oracle iRecruitment 12.2.12
- Oracle Applications Framework 12.2.3
- Oracle Applications Framework 12.2.12
- Oracle PeopleSoft Enterprise CC Common Application Objects 9.2
- Oracle Hospitality OPERA 5 Property Services 5.6
- Oracle HTTP Server 12.2.1.4.0
- Oracle Communications Order and Service Management 7.4.1
- Oracle Communications Order and Service Management 7.4.0
- Oracle Enterprise Communications Broker 3.3
- Oracle Enterprise Communications Broker 4.0
- Oracle Enterprise Communications Broker 4.1
- Oracle PeopleSoft Enterprise PeopleTools 8.59
- Oracle PeopleSoft Enterprise PeopleTools 8.60
- Oracle BI Publisher 6.4.0.0.0
Remediation
Refer to the Oracle Critical Patch Update Advisory for patch, upgrade, or suggested workaround information.