← back
CVE-2022-39428

CVE-2022-39428

CVSS 9.8 CRITICALEPSS 36.5%
Vexday Risk Score
40Attention
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.8EPSS 36.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
18 Oct 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Oracle Corporation · Web Applications Desktop Integrator

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.oracle.com/security-alerts/cpuoct2022.html