Oracle Communications Order and Service Management Security Vulnerability Allowing Unauthorized Data Access and Modification

A vulnerability has been identified in the Oracle Communications Order and Service Management product, specifically in versions 7.4.0, 7.4.1, and 7.5.0. This vulnerability, which resides in the Security component, is easily exploitable by low-privileged attackers with network access via HTTP. Successful exploitation requires human interaction from someone other than the attacker. While the vulnerability is contained within Oracle Communications Order and Service Management, successful attacks could significantly impact additional products, leading to a scope change. Exploitation of this vulnerability could result in unauthorized read access to certain subsets of accessible data, as well as unauthorized update, insert, or delete access to other accessible data within Oracle Communications Order and Service Management.

Impact

Exploitation allows for unauthorized access to read, update, insert, or delete certain data within Oracle Communications Order and Service Management. However, successful attacks could also impact additional products, leading to a scope change.