← Back to CVEs
CVE-2022-21587
CRITICALCISA KEV9.8
Description
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVE Details
CVSS v3.1 Score9.8
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published10/18/2022
Last Modified10/27/2025
Sourcekev
Honeypot Sightings0
CISA KEV
VendorOracle
ProductE-Business Suite
Vulnerability NameOracle E-Business Suite Unspecified Vulnerability
KEV Date Added2023-02-02
Remediation Due Date2023-02-23
Ransomware UseKnown
Affected Products
oracle:e-business_suite
Weaknesses (CWE)
CWE-306CWE-306
References
http://packetstormsecurity.com/files/171208/Oracle-E-Business-Suite-EBS-Unauthenticated-Arbitrary-File-Upload.html(secalert_us@oracle.com)
https://www.oracle.com/security-alerts/cpuoct2022.html(secalert_us@oracle.com)
http://packetstormsecurity.com/files/171208/Oracle-E-Business-Suite-EBS-Unauthenticated-Arbitrary-File-Upload.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuoct2022.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-21587(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.