CVE

CVE-2023-21975

Date: (C)2023-07-21   (M)2023-12-22

Vulnerability in the Application Express Customers Plugin product of Oracle Application Express (component: User Account). Supported versions that are affected are Application Express Customers Plugin: 18.2-22.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Application Express Customers Plugin. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Application Express Customers Plugin, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Application Express Customers Plugin. CVSS 3.1 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H).

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:		CVSS V2 Severity:
CVSS Score : 9.0		CVSS Score :
Exploit Score: 2.3		Exploit Score:
Impact Score: 6.0		Impact Score:
CVSS V3 Metrics:		CVSS V2 Metrics:
Attack Vector: NETWORK		Access Vector:
Attack Complexity: LOW		Access Complexity:
Privileges Required: LOW		Authentication:
User Interaction: REQUIRED		Confidentiality:
Scope: CHANGED		Integrity:
Confidentiality: HIGH		Availability:
Integrity: HIGH
Availability: HIGH

Reference:

https://www.oracle.com/security-alerts/cpujul2023.html