CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2022-21587

CVSS 9.8v3.1pub. 2022-10-18upd. 2025-10-27

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Oracle E Business Suite

    APP
    Oracle
    12.2.3 – 12.2.11

CISA KEV — detailsi

Vendori
Oracle
Producti
E-Business Suite
Added to KEVi
February 2, 2023
Remediation deadline (US Federal)i
February 23, 2023(overdue)
Ransomwarei
Active ransomware campaigns exploit this vulnerability
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

Oracle E-Business Suite contains an unspecified vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
☠️WYKORZYSTYWANE W RANSOMWARECISA DEADLINE: 23 lutego 2023
Tags
Auth BypassDoS
CWE
References

Related vulnerabilities

CVE-2026-46819CRITICAL9.1PL ✓ten sam produkt

Krytyczny Auth Bypass w Oracle Internet Procurement Connector (E-Business Suite)

CVE-2026-46817CRITICAL9.8PL ✓ten sam produkt

Krytyczna podatność Auth Bypass w Oracle Payments (E-Business Suite)

CVE-2025-30727CRITICAL9.8PL ✓ten sam produkt

Krytyczny Auth Bypass w Oracle E-Business Suite — moduł iSurvey

CVE-2019-2489CRITICAL9.1ten sam produkt

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: OCM Que...

CVE-2019-2453CRITICAL9.1ten sam produkt

Vulnerability in the Oracle Performance Management component of Oracle E-Business Suite (subcomponent: Perform...