CVE-2022-21587

CVE Database · CVE-2022-21587

CVE-2022-21587

· CRITICALAnalyzed

CVSS v3.1

9.8

EPSS

98.34%

Published

Oct 18, 2022

Modified

Oct 27, 2025

CISA Known Exploited Vulnerability

Added: 2023-02-02 · Due: 2023-02-23

Apply updates per vendor instructions.

Public PoC / Exploit (5)

All weaponized →

NucleiNuclei detection template TrickestTrickest PoC index GitHub PoChieuminhnv/CVE-2022-21587-POC★15 GitHub PoCsahabrifki/CVE-2022-21587-Oracle-EBS-★6 GitHub PoCrockmelodies/Oracle-E-BS-CVE-2022-21587-Exploit★2

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-306CWE-306

Affected Products (1)

oracle · e-business_suitevulnerable

References (5)

http://packetstormsecurity.com/files/171208/Oracle-E-Business-Suite-EBS-Unauthenticated-Arbitrary-File-Upload.html

ExploitThird Party AdvisoryVDB Entry

https://www.oracle.com/security-alerts/cpuoct2022.html

PatchVendor Advisory

http://packetstormsecurity.com/files/171208/Oracle-E-Business-Suite-EBS-Unauthenticated-Arbitrary-File-Upload.html

ExploitThird Party AdvisoryVDB Entry

https://www.oracle.com/security-alerts/cpuoct2022.html

PatchVendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-21587

KEV Catalog EPSS Scores Vendors All CVEs