Oracle E-Business Suite Attachments Vulnerability in Oracle Applications Framework
CVE-2022-21477

5.4MEDIUM

Key Information:

Vendor: Oracle
Status: Applications Framework
Vendor: CVE Published:; 19 April 2022

Summary

A vulnerability exists within the Oracle Applications Framework of Oracle E-Business Suite, specifically affecting file upload functionalities. This flaw enables low-privileged attackers with network access to exploit the system, requiring human interaction from a third party for successful exploitation. The impact of successful exploitation can lead to unauthorized data manipulation, such as updates, inserts, or deletions, as well as unauthorized read access to sensitive data. As this vulnerability affects the underlying framework, it poses risks to other interconnected products, potentially broadening the scope of its impact.

Affected Version(s)

Applications Framework 12.2.6-12.2.11

References

https://www.oracle.com/security-alerts/cpuapr2022.html

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 19, 2022
Vulnerability Reserved
Nov 15, 2021