Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/171208/Oracle-E-Business-Suite-EBS-Unauthenticated-Arbitrary-File-Upload.html | Exploit Third Party Advisory VDB Entry |
https://www.oracle.com/security-alerts/cpuoct2022.html | Patch Vendor Advisory |
Configurations
History
28 Jun 2024, 13:44
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/171208/Oracle-E-Business-Suite-EBS-Unauthenticated-Arbitrary-File-Upload.html - Exploit, Third Party Advisory, VDB Entry |
08 Aug 2023, 14:21
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-306 |
01 Mar 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Oct 2022, 16:54
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-noinfo | |
CPE | cpe:2.3:a:oracle:e-business_suite:*:*:*:*:*:*:*:* | |
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2022.html - Patch, Vendor Advisory |
18 Oct 2022, 21:18
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-10-18 21:15
Updated : 2024-09-26 14:16
NVD link : CVE-2022-21587
Mitre link : CVE-2022-21587
CVE.ORG link : CVE-2022-21587
JSON object : View
Products Affected
oracle
- e-business_suite
CWE
CWE-306
Missing Authentication for Critical Function