Unauthorized Access Vulnerability in Oracle SOA Suite by Oracle
CVE-2022-21622

7.5HIGH

Key Information:

Vendor: Oracle
Status: Soa Suite
Vendor: CVE Published:; 18 October 2022

Summary

A vulnerability exists in the Oracle SOA Suite within Oracle Fusion Middleware, specifically in the Adapters component. This flaw is easily exploitable by unauthenticated attackers with network access via HTTP, potentially allowing them to execute unauthorized actions on critical data. Successful exploitation can lead to unauthorized creation, deletion, or modification of sensitive information, compromising the integrity of data within Oracle SOA Suite.

Affected Version(s)

SOA Suite 12.2.1.3.0

SOA Suite 12.2.1.4.0

References

https://www.oracle.com/security-alerts/cpuoct2022.html

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 18, 2022
Vulnerability Reserved
Nov 15, 2021