Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

CVE-2022-21445

Disclosure Date: April 19, 2022 •

CVE-2022-21445 CVSS v3 Base Score: 9.8

Exploited in the Wild

Reported by ccondon-r7 and 1 more...
View Source Details

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Development Framework (ADF). Successful attacks of this vulnerability can result in takeover of Oracle Application Development Framework (ADF). Note: Oracle Application Development Framework (ADF) is downloaded via Oracle JDeveloper Product. Please refer to Fusion Middleware Patch Advisor for more details. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

9.8 Critical

Impact Score:

5.9

Exploitability Score:

3.9

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

Vendors

oracle

Products

application development framework 12.2.1.3.0,
application development framework 12.2.1.4.0

Exploited in the Wild

Reported by:

ccondon-r7 indicated source as Government or Industry Alert (https://www.cisa.gov/news-events/alerts/2024/09/18/cisa-adds-five-known-exploited-vulnerabilities-catalog)

Reported: September 24, 2024 7:19pm UTC (1 month ago)

AttackerKB Worker indicated source as Government or Industry Alert (https://www.cisa.gov/news-events/alerts/2024/09/18/cisa-adds-four-known-exploited-vulnerabilities-catalog)

Reported: November 08, 2024 8:20am UTC (2 weeks ago)

References

Canonical

CVE-2022-21445 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21445)

Miscellaneous

https://www.oracle.com/security-alerts/cpuapr2022.html

Rapid7

Unknown

CVE-2022-21445

Unknown

Unknown

None

None

Network

CVE-2022-21445

Description