⚠ Actively exploited
Added to CISA KEV on 2024-09-18. Federal agencies required to patch by 2024-10-09. Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
CVE-2022-21445
Severity
9.8 CRITICAL
EPSS
92.0%
top 0.30%
CISA KEV
Added 2024-09-18
Due 2024-10-09
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
Published: Apr 19
KEV added: Sep 18
KEV due: Oct 9
Description
Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Development Framework (ADF). Successful attacks of this vulnerability can result in takeover of Oracle Application Development Framework (ADF). Note: Oracle Application Developm…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9