OSA-37109893

Vulnerability in the Oracle Communications Cloud Native Core Console product of Oracle Communications (component: Configuration (libcurl)). Supported versions that are affected are 23.4.2 and 24.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Console. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Cloud Native Core Console accessible data as well as unauthorized update, insert or delete access to some of Oracle Communications Cloud Native Core Console accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Cloud Native Core Console. CVSS 3.1 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L).