Update CVE-2022-21503

On branch cna/Oracle/CVE-2022-21503 Changes to be committed: modified: 2022/21xxx/CVE-2022-21503.json
2025-07-29 05:56:59 +00:00 · 2022-06-17 13:16:12 -07:00 · 2022-06-17 13:16:12 -07:00 · 88c2d8c61c
commit 88c2d8c61c
parent 045cfb8369
1 changed files with 54 additions and 3 deletions
--- a/2022/21xxx/CVE-2022-21503.json
+++ b/2022/21xxx/CVE-2022-21503.json
@ -3,15 +3,66 @@
    "data_format": "MITRE",
    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "secalert_us@oracle.com",
        "ID": "CVE-2022-21503",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Oracle Cloud Infrastructure",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "*"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "Oracle Corporation"
+                }
+            ]
+        }
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "Vulnerability in the Oracle Cloud Infrastructure product of Oracle Cloud Services. Easily exploitable vulnerability allows high privileged attacker with network access to compromise Oracle Cloud Infrastructure. Successful attacks of this vulnerability can result in unauthorized access to Oracle Cloud Infrastructure accessible data. All affected customers were notified of CVE-2022-21503 by Oracle. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)"
+            }
+        ]
+    },
+    "impact": {
+        "cvss": {
+            "baseScore": "4.9",
+            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Easily exploitable vulnerability allows high privileged attacker with network access to compromise Oracle Cloud Infrastructure. Successful attacks of this vulnerability can result in unauthorized access to Oracle Cloud Infrastructure accessible data. All affected customers were notified of CVE-2022-21503 by Oracle."
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://support.oracle.com",
+                "name": "https://support.oracle.com",
+                "refsource": "MISC"
            }
        ]
    }