CVE-2022-21587

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Configurations

Configuration 1 (hide)

cpe:2.3:a:oracle:e-business_suite:*:*:*:*:*:*:*:*

History

28 Jun 2024, 13:44

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/171208/Oracle-E-Business-Suite-EBS-Unauthenticated-Arbitrary-File-Upload.html - () http://packetstormsecurity.com/files/171208/Oracle-E-Business-Suite-EBS-Unauthenticated-Arbitrary-File-Upload.html - Exploit, Third Party Advisory, VDB Entry

08 Aug 2023, 14:21

Type Values Removed Values Added
CWE NVD-CWE-noinfo CWE-306

01 Mar 2023, 18:15

Type Values Removed Values Added
References
  • (MISC) http://packetstormsecurity.com/files/171208/Oracle-E-Business-Suite-EBS-Unauthenticated-Arbitrary-File-Upload.html -

20 Oct 2022, 16:54

Type Values Removed Values Added
CWE NVD-CWE-noinfo
CPE cpe:2.3:a:oracle:e-business_suite:*:*:*:*:*:*:*:*
References (MISC) https://www.oracle.com/security-alerts/cpuoct2022.html - (MISC) https://www.oracle.com/security-alerts/cpuoct2022.html - Patch, Vendor Advisory

18 Oct 2022, 21:18

Type Values Removed Values Added
New CVE

Information

Published : 2022-10-18 21:15

Updated : 2024-09-26 14:16


NVD link : CVE-2022-21587

Mitre link : CVE-2022-21587

CVE.ORG link : CVE-2022-21587


JSON object : View

Products Affected

oracle

  • e-business_suite
CWE
CWE-306

Missing Authentication for Critical Function