OSA-38995868

Vulnerability in the Oracle Business Activity Monitoring product of Oracle Fusion Middleware (component: Centralized Thirdparty Jars (Apache Log4j)). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Activity Monitoring. While the vulnerability is in Oracle Business Activity Monitoring, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Business Activity Monitoring. CVSS 3.1 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).