Vulnerability Details CVE-2022-21587
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.944
EPSS Ranking 100.0%
CVSS Severity
CVSS v3 Score 9.8
Proposed Action
Oracle E-Business Suite contains an unspecified vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator.
Ransomware Campaign
Known
References
- http://packetstormsecurity.com/files/171208/Oracle-E-Business-Suite-EBS-Unauthenticated-Arbitrary-File-Upload.html
- https://www.oracle.com/security-alerts/cpuoct2022.html
- http://packetstormsecurity.com/files/171208/Oracle-E-Business-Suite-EBS-Unauthenticated-Arbitrary-File-Upload.html
- https://www.oracle.com/security-alerts/cpuoct2022.html
Products affected by CVE-2022-21587
-
cpe:2.3:a:oracle:e-business_suite:12.2.10
-
cpe:2.3:a:oracle:e-business_suite:12.2.11
-
cpe:2.3:a:oracle:e-business_suite:12.2.3
-
cpe:2.3:a:oracle:e-business_suite:12.2.4
-
cpe:2.3:a:oracle:e-business_suite:12.2.5
-
cpe:2.3:a:oracle:e-business_suite:12.2.6
-
cpe:2.3:a:oracle:e-business_suite:12.2.7
-
cpe:2.3:a:oracle:e-business_suite:12.2.8
-
cpe:2.3:a:oracle:e-business_suite:12.2.9