nvd-json-data-feeds/CVE-2022/CVE-2022-394xx/CVE-2022-39411.json

{
  "id": "CVE-2022-39411",
  "sourceIdentifier": "secalert_us@oracle.com",
  "published": "2022-10-18T21:15:15.397",
  "lastModified": "2022-10-20T05:28:12.147",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: Business Process Automation). Supported versions that are affected are 6.4.3 and 6.5.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Transportation Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Transportation Management accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el producto Oracle Transportation Management de Oracle Supply Chain (componente: Business Process Automation). Las versiones soportadas que est\u00e1n afectadas son 6.4.3 y la 6.5.1. Una vulnerabilidad explotable f\u00e1cilmente permite a un atacante con altos privilegios con acceso a la red por medio de HTTP comprometer a Oracle Transportation Management. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en el acceso no autorizado a datos cr\u00edticos o el acceso completo a todos los datos accesibles de Oracle Transportation Management. CVSS 3.1 Puntuaci\u00f3n Base 4.9 (Impactos en la Confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "secalert_us@oracle.com",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:oracle:transportation_management:6.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F87413-69B4-4B1F-AFE6-5D711851F60F"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:oracle:transportation_management:6.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5681B968-E3E4-41AA-A1FA-3C95854C9AA7"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.oracle.com/security-alerts/cpuoct2022.html",
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ]
    }
  ]
}