#VU62514 Improper input validation in Oracle Communications Cloud Native Core Automated Test Suite - CVE-2021-22132
Published: April 22, 2022
Vulnerability identifier: #VU62514
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-22132
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Oracle Communications Cloud Native Core Automated Test Suite
Oracle Communications Cloud Native Core Automated Test Suite
Software vendor:
Oracle
Oracle
Description
The vulnerability allows a remote authenticated user to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Automated Test Suite Framework (Elasticsearch) component in Oracle Communications Cloud Native Core Automated Test Suite. A remote authenticated user can exploit this vulnerability to gain access to sensitive information.
Remediation
Install updates from vendor's website.