Oracle Communications Order and Service Management Security Vulnerability Allowing Unauthorized Data Access and Partial Denial-of-Service

Vulnerability

A vulnerability has been identified in the Oracle Communications Order and Service Management product, specifically in versions 7.4.0, 7.4.1, and 7.5.0. This vulnerability, which resides in the Security component, is easily exploitable by low-privileged attackers with network access via HTTP. Successful exploitation allows unauthorized users to update, insert, or delete certain accessible data within Oracle Communications Order and Service Management. Additionally, it permits unauthorized read access to a subset of accessible data and the ability to cause a partial denial-of-service on the application.

Impact

Exploitation of this vulnerability could lead to unauthorized modification or deletion of data, unauthorized access to sensitive information, and a partial denial-of-service, causing some disruption to the application's availability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 1.4
impact: 1.9
exploitability: 4.9
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.