CVE-2022-21445
Oracle JDeveloper Remote Code Execution Vulnerability
- Public Exploits: 2
- Exploited in Wild: Yes
Descriptions
Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Oracle JDeveloper, a product within the Fusion Middleware suite, contains a deserialization vulnerability in the ADF Faces component, leading to unauthenticated remote code execution.
SSVC
- Decision: Act
Timeline
- 2021-11-15 CVE Reserved
- 2022-04-19 CVE Published
- 2023-08-07 First Exploit
- 2024-09-18 CVE Updated
- 2024-09-18 Exploited in Wild
- 2024-09-19 EPSS Updated
- 2024-10-09 KEV Due Date
References (3)
URL | Date |
---|---|
https://github.com/M0chae1/CVE-2022-21445 | 2023-08-07 |
https://github.com/hienkiet/CVE-2022-21445-for-12.2.1.3.0-Weblogic | 2024-03-18 |
https://www.oracle.com/security-alerts/cpuapr2022.html | 2022-04-28 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Oracle | Jdeveloper | 12.2.1.3.0 | - | Affected |
Oracle | Jdeveloper | 12.2.1.4.0 | - | Affected |