CVE-2022-21477
4 documents4 sources
Severity
5.4MEDIUM
EPSS
0.3%
top 51.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 19
Latest updateApr 20
Description
Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments, File Upload). Supported versions that are affected are 12.2.6-12.2.11. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7
Affected Packages2 packages
🔴Vulnerability Details
2GHSA▶
GHSA-mccj-cxq2-rfrr: Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments, File Upload)↗2022-04-20
CVEList▶
CVE-2022-21477: Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments, File Upload)↗2022-04-19
📋Vendor Advisories
1Oracle
▶