CVE-2022-21587 — Oracle E-Business Suite Unspecified Vulnerability

2023-02-02 • CISA Known Exploited Vulnerability

[event] Oracle E-Business Suite contains an unspecified vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator.

> AFFECTED SOFTWARE

Field	Value
Vendor	Oracle
Product	E-Business Suite
CWE	CWE-306
CVE ID	CVE-2022-21587
Date Added	2023-02-02
Due Date	2023-02-23
Ransomware Campaign	Known — this vulnerability has been leveraged in ransomware campaigns

> MITIGATION

Apply updates per vendor instructions.

Due Date: 2023-02-23

> REFERENCES

[1] https://www.oracle.com/security-alerts/cpuoct2022.html
[2] https://nvd.nist.gov/vuln/detail/CVE-2022-21587