Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2022-21500

6 documents6 sources
Severity
7.5HIGH
EPSS
93.9%
top 0.12%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Oracle User ManagementOracle Corporation User ManagementOracle E-business Suite
Timeline
PublishedMay 20
Latest updateJul 15

Description

Vulnerability in Oracle E-Business Suite (component: Manage Proxies). The supported version that is affected is 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Suite accessible data. Note: Authentication is required for successful attack, however the user may be self-regis

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

NVDoracle/user_management12.2.412.2.11
CVEListV5oracle_corporation/user_management12.2.4-12.2.11

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

3
GHSA
GHSA-vf87-8ch9-x7hf: Vulnerability in Oracle E-Business Suite (component: Manage Proxies)2022-05-21
CVEList
CVE-2022-21500: Vulnerability in Oracle E-Business Suite (component: Manage Proxies)2022-05-19
VulnCheck
Oracle E-Business Suite Manage Proxies Information Disclosure2022

💥Exploits & PoCs

1
Nuclei
Oracle E-Business Suite <=12.2 - Authentication Bypass

📋Vendor Advisories

1
Oracle
Oracle Oracle E-Business Suite Risk Matrix: Proxy User Delegation — CVE-2022-215002022-07-15