CVE-2022-21445
CVE-2022-21445
In short
A critical flaw in Oracle's ADF Faces component allows anyone on the network to take over the application without needing to log in, potentially giving attackers complete control over the system.
Technical detail
Unauthenticated remote code execution vulnerability in Oracle ADF Faces (versions 12.2.1.3.0 and 12.2.1.4.0) exploitable via HTTP with no authentication required. The vulnerability results in complete compromise of confidentiality, integrity, and availability of the affected application.
Summary generated and translated by AI from the official description.
Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Development Framework (ADF). Successful attacks of this vulnerability can result in takeover of Oracle Application Development Framework (ADF). Note: Oracle Application Development Framework (ADF) is downloaded via Oracle JDeveloper Product. Please refer to Fusion Middleware Patch Advisor for more details. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Oracle Corporation · Application Development Framework (ADF)public PoCs found — 2
githubgithub.com/NeCr00/CVE-2022-21445★ 5githubgithub.com/hienkiet/CVE-2022-21445-for-12.2.1.3.0-Weblogic★ 3⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →