OSA-38797880

Vulnerability in the Oracle Healthcare Data Repository product of Oracle HealthCare Applications (component: FHIR Server (Apache Log4j)). Supported versions that are affected are 8.2.0.5 and 8.2.0.6. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Healthcare Data Repository. While the vulnerability is in Oracle Healthcare Data Repository, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Healthcare Data Repository accessible data as well as unauthorized read access to a subset of Oracle Healthcare Data Repository accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N).