Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
References
Configurations
History
08 Aug 2023, 14:21
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-306 |
01 Mar 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Oct 2022, 16:54
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2022.html - Patch, Vendor Advisory | |
First Time |
Oracle
Oracle e-business Suite |
|
CWE | NVD-CWE-noinfo | |
CPE | cpe:2.3:a:oracle:e-business_suite:*:*:*:*:*:*:*:* |
18 Oct 2022, 21:18
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-10-18 21:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-21587
Mitre link : CVE-2022-21587
CVE.ORG link : CVE-2022-21587
JSON object : View
Products Affected
oracle
- e-business_suite
CWE
CWE-306
Missing Authentication for Critical Function