Oracle Communications Order and Service Management Security Vulnerability Allowing Unauthorized Data Access and Partial Denial-of-Service

Vulnerability

A vulnerability has been identified in the Oracle Communications Order and Service Management product, specifically in versions 7.4.0, 7.4.1, and 7.5.0. This vulnerability, which resides in the Security component, is easily exploitable by a low-privileged attacker with network access via HTTP. Successful exploitation requires human interaction from someone other than the attacker. The vulnerability allows for unauthorized update, insert, or delete access to certain accessible data within Oracle Communications Order and Service Management. Additionally, it permits unauthorized read access to a subset of accessible data and the unauthorized ability to cause a partial denial-of-service condition in the application.

Impact

Exploitation of this vulnerability can lead to unauthorized modification or deletion of data, unauthorized access to sensitive information, and a partial denial-of-service condition in Oracle Communications Order and Service Management.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 1.4
impact: 1.9
exploitability: 4.4
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.