Unauthenticated Network Access Vulnerability in Oracle Application Development Framework
CVE-2022-21445
Key Information:
- Vendor
Oracle
- Vendor
- CVE Published:
- 19 April 2022
Badges
What is CVE-2022-21445?
This vulnerability exists in the Oracle Application Development Framework (ADF) within the Oracle Fusion Middleware. It allows unauthenticated attackers with network access via HTTP to exploit ADF, potentially leading to a complete takeover of the affected framework. The vulnerability, which affects specific versions of ADF, poses a significant risk as it can compromise the confidentiality, integrity, and availability of the application. Users should consult the Fusion Middleware Patch Advisor for mitigation steps.
CISA has reported CVE-2022-21445
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2022-21445 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Application Development Framework (ADF) 12.2.1.3.0
Application Development Framework (ADF) 12.2.1.4.0
References
EPSS Score
92% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- π¦
CISA Reported
- π‘
Public PoC available
- πΎ
Exploit known to exist
Vulnerability published
Vulnerability Reserved