How severe is CVE-2023-21922?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2023-21922?

This is classified as CWE-284, which is a common weakness in software security.

CVE-2023-21922

MEDIUM Year: 2023

CVSS v3 Score

6.8

Medium

Weakness Type

CWE-284

View all →

Vulnerability Description

Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications (component: Core). Supported versions that are affected are Prior to 6.3.1.3 and Prior to 7.0.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Health Sciences InForm. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Health Sciences InForm accessible data as well as unauthorized access to critical data or complete access to all Oracle Health Sciences InForm accessible data. CVSS 3.1 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N).

CVE-2016-2167

MEDIUM

CVSS:6.8(Medium)

The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate a...

CWE-2842016

CVE-2016-4030

MEDIUM

CVSS:6.8(Medium)

Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I...

CWE-2842016

CVE-2016-4031

MEDIUM

CVSS:6.8(Medium)

CWE-2842016

CVE-2016-5610

MEDIUM

CVSS:6.8(Medium)

Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability ...

CWE-2842016

CVE-2016-6338

MEDIUM

CVSS:6.8(Medium)

ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization Manager (aka RHEV-M) for Servers and RHEV-M 4.0, allows physically proximate attackers to bypass a webadmin session timeout restrict...

CWE-2842016

CVE-2017-7918

MEDIUM

CVSS:6.8(Medium)

An Improper Access Control issue was discovered in Cambium Networks ePMP. After a valid user has used SNMP configuration export, an attacker is able to remotely trigger device configuration backups us...

CWE-2842017

CVE-2023-21922

Vulnerability Description

Related Vulnerabilities

CVE-2016-2167

CVE-2016-4030

CVE-2016-4031

CVE-2016-5610

CVE-2016-6338

CVE-2017-7918