CVE-2022-21405

Severity
5.5 MEDIUM
EPSS
0.1%
top 67.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 19
Latest update: Jan 14

Description

Vulnerability in the OSS Support Tools product of Oracle Support Tools (component: Oracle Explorer). The supported version that is affected is 18.3. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where OSS Support Tools executes to compromise OSS Support Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in OSS Support Tools, attacks may significantly impact additional product

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N

Exploitability: 1.1 | Impact: 4.0

Affected Packages: 2 packages

🔴 Vulnerability Details

2
GHSA
GHSA-2w56-jm3g-7vcg: Vulnerability in the OSS Support Tools product of Oracle Support Tools (component: Oracle Explorer) (2022-04-20)
CVEList
CVE-2022-21405: Vulnerability in the OSS Support Tools product of Oracle Support Tools (component: Oracle Explorer) (2022-04-19)

📋 Vendor Advisories

2
Microsoft
Visual Studio Elevation of Privilege Vulnerability (2025-01-14)
Oracle
Oracle Oracle Support Tools Risk Matrix: Oracle Explorer — CVE-2022-21405 (2022-04-15)