CVE-2022-21587: Oracle E-Business Suite Unspecified Vulnerability
First published: Tue Oct 18 2022(Updated: )
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Credit: secalert_us@oracle.com secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle E-Business Suite | >=12.2.3<=12.2.11 | |
| Oracle E-Business Suite | ||
| >=12.2.3<=12.2.11 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/171208/Oracle-E-Business-Suite-EBS-Unauthenticated-Arbitrary-File-Upload.html
- https://www.oracle.com/security-alerts/cpuoct2022.html
- https://www.theregister.com/2024/02/27/manufacturing_sector_malware/
- https://www.bleepingcomputer.com/news/security/chinese-earth-krahang-hackers-breach-70-orgs-in-23-countries/
- https://www.theregister.com/2024/03/19/china_cyberspies_earth_krahang/
- https://www.theregister.com/2024/07/12/cisa_broke_into_fed_agency/
- https://www.oracle.com/security-alerts/cpuoct2022.html;
- https://nvd.nist.gov/vuln/detail/CVE-2022-21587
Frequently Asked Questions
What is CVE-2022-21587?
CVE-2022-21587 is an unspecified vulnerability in Oracle E-Business Suite that allows an unauthenticated attacker to compromise Oracle Web Applications Desktop Integrator.
Who is affected by CVE-2022-21587?
Oracle E-Business Suite users are affected by CVE-2022-21587.
How can an attacker exploit CVE-2022-21587?
An attacker with network access via HTTP can exploit CVE-2022-21587.
Is authentication required to exploit CVE-2022-21587?
No, authentication is not required to exploit CVE-2022-21587.
Where can I find more information about CVE-2022-21587?
You can find more information about CVE-2022-21587 in the Oracle Security Advisory: https://www.oracle.com/security-alerts/cpuoct2022.html
- collector/nvd-index
- agent/type
- agent/description
- agent/title
- agent/weakness
- agent/remedy
- collector/the-register
- source/The Register
- alias/CVE-2023-21554
- alias/CVE-2022-21587
- alias/CVE-2022-21589
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2023-32315
- agent/news-ai
- agent/author
- agent/severity
- agent/first-publish-date
- exploited/true
- ransomware/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/references
- agent/softwarecombine
- agent/event
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- collector/nvd-cve
- agent/last-modified-date
- agent/tags
- agent/trending
- agent/source
- vendor/oracle
- canonical/oracle e-business suite
- version/oracle e-business suite/12.2.3
- version/oracle e-business suite/12.2.11