CVE-2022-21255 — Oracle Configurator vulnerability

10 documents5 sources

Severity

8.1HIGHNVD

EPSS

1.3%

top 20.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Configurator Oracle Corporation Configurator

Timeline

PublishedJan 19

Latest updateSep 18

Description

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: UI Servlet). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Configurator accessible data as well as unauthorized access to critical d…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

▶NVDoracle/configurator12.2.3 — 12.2.11

▶CVEListV5oracle_corporation/configurator12.2.3-12.2.11

🔴Vulnerability Details

OSV

linux-intel-iotg vulnerabilities↗2023-09-18

▶

OSV

linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-raspi vulnerabilities↗2023-09-11

▶

OSV

linux-gcp-5.15, linux-gkeop-5.15 vulnerabilities↗2023-09-08

▶

OSV

linux-gke, linux-gkeop vulnerabilities↗2023-09-06

▶

OSV

linux-aws, linux-aws-5.15, linux-ibm-5.15, linux-oracle, linux-oracle-5.15 vulnerabilities↗2023-09-06

▶

📋Vendor Advisories

Oracle

Oracle Oracle E-Business Suite Risk Matrix: UI Servlet — CVE-2022-21255↗2022-01-15

▶