Unauthenticated Network Access Vulnerability in Oracle HTTP Server by Oracle
CVE-2022-21593

7.1HIGH

Key Information:

Vendor: Oracle
Status: Http Server
Vendor: CVE Published:; 18 October 2022

What is CVE-2022-21593?

An unauthenticated access vulnerability exists in the Oracle HTTP Server component of Oracle Fusion Middleware. This vulnerabilities allows an attacker with network access via HTTP to exploit the server, provided there is human interaction from a third party. If successfully exploited, this vulnerability can lead to unauthorized access to sensitive data and the potential for unauthorized modifications to Oracle HTTP Server accessible data.

Affected Version(s)

HTTP Server 12.2.1.3.0

HTTP Server 12.2.1.4.0

References

https://www.oracle.com/security-alerts/cpuoct2022.html

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 18, 2022
Vulnerability Reserved
Nov 15, 2021