CVE-2022-21445
Published: 2022-04-19
Priority: P195 · critical · CVSS 3.1 base score 9.8
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Tags: KEV · ITW · Exploit · Initial access
CISA Known Exploited Vulnerability (remediation due 2024-10-09)
Exploited in the wild
EPSS: 62.01% (99.1st percentile)
Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Development Framework (ADF). Successful attacks of this vulnerability can result in takeover of Oracle Application Development Framework (ADF). Note: Oracle Application Development Framework (ADF) is downloaded via Oracle JDeveloper Product. Please refer to Fusion Middleware Patch Advisor for more details. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Affected (4 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oracle | application_development_framework | — | — |
| oracle | application_development_framework | — | — |
| oracle_corporation | application_development_framework | — | — |
| oracle_corporation | application_development_framework | — | — |
Detection & IOCs (extracted from sources)
- CVE-2022-21445 is a deserialization of untrusted data vulnerability in Oracle ADF Faces (included with Oracle JDeveloper). Detection should focus on unauthenticated HTTP requests targeting ADF Faces deserialization endpoints, which can lead to remote code execution.
- The vulnerability is exploitable over HTTP with no authentication and no user interaction required (CVSS:3.1/AV:N/AC:L/PR:N/UI:N). Monitor for anomalous unauthenticated HTTP traffic to ADF Faces endpoints on affected versions 12.2.1.3.0 and 12.2.1.4.0.
- Successful exploitation results in full takeover (C/I/A all HIGH). Alert on any unexpected process spawning or outbound connections from Oracle ADF Faces / JDeveloper server processes following HTTP requests.
- Affected versions are specifically 12.2.1.3.0 and 12.2.1.4.0 of Oracle ADF Faces. Scope detection rules to these versions to reduce false positives.
- Oracle ADF Faces is distributed as part of Oracle JDeveloper, not as a standalone product. Inventory should check for JDeveloper installations that bundle the vulnerable ADF Faces library.
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vulncheck | — | 9.8 | CRITICAL | — |
| cisa | — | 9.8 | CRITICAL | — |
| vendor_oracle | — | 9.8 | CRITICAL | — |
GHSA
GHSA-7f3x-fvqf-q6q5: Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware (component: ADF Faces)
ghsa_unreviewed · 2022-04-20 · CVE-2022-21445 · CRITICAL · CWE-502
Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
VulnCheck
Oracle ADF Faces Deserialization of Untrusted Data Vulnerability
vulncheck · 2022 · CVE-2022-21445 · CRITICAL · CWE-502 · CVSS 9.8
Oracle ADF Faces library, included with Oracle JDeveloper Distribution, contains a deserialization of untrusted data vulnerability leading to unauthenticated remote code execution.
Affected: Oracle ADF Faces
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Exploitation References: https://www.secureworks.com/-/media/Files/US/Reports/state%20of%20the%20threat/secureworks-state-of-the-threat-report-2024.ashx; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Exploit PoC: https://vulncheck.com/xdb/df8eb20f5b8e
Remediation Due: 2024-10-09
CISA
Oracle ADF Faces Deserialization of Untrusted Data Vulnerability
cisa · 2024-09-18 · CVE-2022-21445 · CRITICAL · CWE-502 · CVSS 9.8
Affected: Oracle ADF Faces
Oracle ADF Faces library, included with Oracle JDeveloper Distribution, contains a deserialization of untrusted data vulnerability leading to unauthenticated remote code execution.
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes: https://www.oracle.com/security-alerts/cpuapr2022.html ; https://nvd.nist.gov/vuln/detail/CVE-2022-21445
Remediation Due Date: 2024-10-09
Oracle
Oracle Fusion Middleware Risk Matrix: ADF Faces — CVE-2022-21445
vendor_oracle · 2022-04-15 · CVE-2022-21445 · CRITICAL · CVSS 9.8
CVE: CVE-2022-21445
CVSS: 9.8
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpuapr2022 (APR 2022)
No detection rules found.
No public exploits indexed.
Bleepingcomputer
CISA warns of actively exploited Apache HugeGraph-Server bug
blogs_bleepingcomputer · 2024-09-19 · CVE-2024-27348 · HIGH · CVSS 8.8
By Bill Toulas
The U.S. Cybersecurity and Infrastructure Agency (CISA) has added five flaws to its Known Exploited Vulnerabilities (KEV) catalog, among which is a remote code execution (RCE) flaw impacting Apache HugeGraph-Server.
The flaw, tracked as CVE-2024-27348 and rated critical (CVSS v3.1 score: 9.8), is an improper access control vulnerability that impacts HugeGraph-Server versions from 1.0.0 up to, but not including, 1.3.0.
Apache fixed the vulnerability on April 22, 2024, with the release of version 1.3.0. Apart from upgrading to the latest version, users were also recommended to use Java 11 and enable the Auth system.
Also, enabling the "Whitelist-IP/port" function was proposed to improve the security of th
Greynoiseio
NoiseLetter September 2024
blogs_greynoiseio
Timeline
- 2022-04-19: Published
- 2024-09-18: Added to CISA KEV
- Exploited in the wild