CVE-2022-21587

2022-10-1800:00:00

oracle

www.cve.org

oracle

e-business suite

web applications

desktop integrator

vulnerability

http

cvss 3.1

confidentiality

integrity

availability

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.974 High

EPSS

Percentile

99.9%

JSON

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CNA Affected

[
  {
    "vendor": "Oracle Corporation",
    "product": "Web Applications Desktop Integrator",
    "versions": [
      {
        "version": "12.2.3-12.2.11",
        "status": "affected"
      }
    ]
  }
]