OSA-39109212

Vulnerability in the Oracle Communications Cloud Native Core Unified Data Repository product of Oracle Communications (component: Install (Undertow)). Supported versions that are affected are 25.1.100 and 25.1.200. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Unified Data Repository. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Cloud Native Core Unified Data Repository, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Unified Data Repository. CVSS 3.1 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).